diff options
Diffstat (limited to 'base/ra')
195 files changed, 0 insertions, 25223 deletions
diff --git a/base/ra/CMakeLists.txt b/base/ra/CMakeLists.txt deleted file mode 100644 index ece6713c6..000000000 --- a/base/ra/CMakeLists.txt +++ /dev/null @@ -1,94 +0,0 @@ -project(ra) - -add_subdirectory(doc) -add_subdirectory(setup) - -# install systemd scripts -install( - FILES - lib/systemd/system/pki-rad.target - lib/systemd/system/pki-rad@.service - DESTINATION - ${SYSTEMD_LIB_INSTALL_DIR} - PERMISSIONS - OWNER_EXECUTE OWNER_WRITE OWNER_READ - GROUP_EXECUTE GROUP_READ - WORLD_EXECUTE WORLD_READ -) - -# install init script -install( - FILES - etc/init.d/pki-rad - DESTINATION - ${SYSCONF_INSTALL_DIR}/rc.d/init.d - PERMISSIONS - OWNER_EXECUTE OWNER_WRITE OWNER_READ - GROUP_EXECUTE GROUP_READ - WORLD_EXECUTE WORLD_READ -) - -install( - DIRECTORY - apache/conf/ - DESTINATION - ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf -) - -install( - DIRECTORY - apache/docroot - DESTINATION - ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME} -) - -install( - DIRECTORY - emails/ - DESTINATION - ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf -) - -install( - DIRECTORY - lib/ - DESTINATION - ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/lib -) - -install( - FILES - scripts/nss_pcache - DESTINATION - ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/scripts - PERMISSIONS - OWNER_EXECUTE OWNER_WRITE OWNER_READ - GROUP_EXECUTE GROUP_READ - WORLD_EXECUTE WORLD_READ -) - -install( - FILES - scripts/schema.sql - DESTINATION - ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/scripts -) - -# install empty directories -install( - DIRECTORY - DESTINATION - ${VAR_INSTALL_DIR}/lock/pki/ra -) - -install( - DIRECTORY - DESTINATION - ${VAR_INSTALL_DIR}/run/pki/ra -) - -install( - DIRECTORY - DESTINATION - ${SYSTEMD_ETC_INSTALL_DIR}/pki-rad.target.wants -) diff --git a/base/ra/LICENSE b/base/ra/LICENSE deleted file mode 100644 index e281f4362..000000000 --- a/base/ra/LICENSE +++ /dev/null @@ -1,291 +0,0 @@ -This Program is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published -by the Free Software Foundation; version 2 of the License. - -This Program is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -for more details. - -You should have received a copy of the GNU General Public License -along with this Program; if not, write to the Free Software -Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. - - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Lesser General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. - -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. diff --git a/base/ra/apache/conf/httpd.conf b/base/ra/apache/conf/httpd.conf deleted file mode 100644 index c4a38620a..000000000 --- a/base/ra/apache/conf/httpd.conf +++ /dev/null @@ -1,1076 +0,0 @@ -# -# Based upon the NCSA server configuration files originally by Rob McCool. -# -# This is the main Apache server configuration file. It contains the -# configuration directives that give the server its instructions. -# See <URL:http://httpd.apache.org/docs-2.0/> for detailed information about -# the directives. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# The configuration directives are grouped into three basic sections: -# 1. Directives that control the operation of the Apache server process as a -# whole (the 'global environment'). -# 2. Directives that define the parameters of the 'main' or 'default' server, -# which responds to requests that aren't handled by a virtual host. -# These directives also provide default values for the settings -# of all virtual hosts. -# 3. Settings for virtual hosts, which allow Web requests to be sent to -# different IP addresses or hostnames and have them handled by the -# same Apache server process. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so "logs/foo.log" -# with ServerRoot set to "/export/apache" will be interpreted by the -# server as "/export/apache/logs/foo.log". -# - -### Section 1: Global Environment -# -# The directives in this section affect the overall operation of Apache, -# such as the number of concurrent requests it can handle or where it -# can find its configuration files. -# - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# NOTE! If you intend to place this on an NFS (or otherwise network) -# mounted filesystem then please read the LockFile documentation (available -# at <URL:http://httpd.apache.org/docs-2.0/mod/mpm_common.html#lockfile>); -# you will save yourself a lot of trouble. -# -# Do NOT add a slash at the end of the directory path. -# -ServerRoot "[PKI_INSTANCE_PATH]" - -# -# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. -# -<IfModule !mpm_winnt.c> -<IfModule !mpm_netware.c> -#LockFile logs/accept.lock -</IfModule> -</IfModule> - -# -# ScoreBoardFile: File used to store internal server process information. -# If unspecified (the default), the scoreboard will be stored in an -# anonymous shared memory segment, and will be unavailable to third-party -# applications. -# If specified, ensure that no two invocations of Apache share the same -# scoreboard file. The scoreboard file MUST BE STORED ON A LOCAL DISK. -# -<IfModule !mpm_netware.c> -<IfModule !perchild.c> -#ScoreBoardFile logs/apache_runtime_status -</IfModule> -</IfModule> - - -# -# PidFile: The file in which the server should record its process -# identification number when it starts. -# -<IfModule !mpm_netware.c> -PidFile run/[PKI_INSTANCE_NAME].pid -</IfModule> - -# -# Timeout: The number of seconds before receives and sends time out. -# -Timeout 300 - -# -# KeepAlive: Whether or not to allow persistent connections (more than -# one request per connection). Set to "Off" to deactivate. -# -KeepAlive On - -# -# MaxKeepAliveRequests: The maximum number of requests to allow -# during a persistent connection. Set to 0 to allow an unlimited amount. -# We recommend you leave this number high, for maximum performance. -# -MaxKeepAliveRequests 100 - -# -# KeepAliveTimeout: Number of seconds to wait for the next request from the -# same client on the same connection. -# -KeepAliveTimeout 15 - -## -## Server-Pool Size Regulation (MPM specific) -## - -# prefork MPM -# StartServers: number of server processes to start -# MinSpareServers: minimum number of server processes which are kept spare -# MaxSpareServers: maximum number of server processes which are kept spare -# MaxClients: maximum number of server processes allowed to start -# MaxRequestsPerChild: maximum number of requests a server process serves -<IfModule prefork.c> -StartServers 5 -MinSpareServers 5 -MaxSpareServers 10 -MaxClients 150 -MaxRequestsPerChild 0 -</IfModule> - -# worker MPM -# StartServers: initial number of server processes to start -# MaxClients: maximum number of simultaneous client connections -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# ThreadsPerChild: constant number of worker threads in each server process -# MaxRequestsPerChild: maximum number of requests a server process serves - -# MPM worker module is a loadable module as of 2.4 -# Module must be loaded before the configuration stanza -LoadModule mpm_worker_module /etc/httpd/modules/mod_mpm_worker.so - -<IfModule worker.c> -ServerLimit 1 -StartServers 1 -MaxClients 64 -MinSpareThreads 1 -MaxSpareThreads 75 -ThreadsPerChild 64 -MaxRequestsPerChild 0 -</IfModule> - -# perchild MPM -# NumServers: constant number of server processes -# StartThreads: initial number of worker threads in each server process -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# MaxThreadsPerChild: maximum number of worker threads in each server process -# MaxRequestsPerChild: maximum number of connections per server process -<IfModule perchild.c> -NumServers 5 -StartThreads 5 -MinSpareThreads 5 -MaxSpareThreads 10 -MaxThreadsPerChild 20 -MaxRequestsPerChild 0 -</IfModule> - -# WinNT MPM -# ThreadsPerChild: constant number of worker threads in the server process -# MaxRequestsPerChild: maximum number of requests a server process serves -<IfModule mpm_winnt.c> -ThreadsPerChild 250 -MaxRequestsPerChild 0 -</IfModule> - -# BeOS MPM -# StartThreads: how many threads do we initially spawn? -# MaxClients: max number of threads we can have (1 thread == 1 client) -# MaxRequestsPerThread: maximum number of requests each thread will process -<IfModule beos.c> -StartThreads 10 -MaxClients 50 -MaxRequestsPerThread 10000 -</IfModule> - -# NetWare MPM -# ThreadStackSize: Stack size allocated for each worker thread -# StartThreads: Number of worker threads launched at server startup -# MinSpareThreads: Minimum number of idle threads, to handle request spikes -# MaxSpareThreads: Maximum number of idle threads -# MaxThreads: Maximum number of worker threads alive at the same time -# MaxRequestsPerChild: Maximum number of requests a thread serves. It is -# recommended that the default value of 0 be set for this -# directive on NetWare. This will allow the thread to -# continue to service requests indefinitely. -<IfModule mpm_netware.c> -ThreadStackSize 65536 -StartThreads 250 -MinSpareThreads 25 -MaxSpareThreads 250 -MaxThreads 1000 -MaxRequestsPerChild 0 -MaxMemFree 100 -</IfModule> - -# OS/2 MPM -# StartServers: Number of server processes to maintain -# MinSpareThreads: Minimum number of idle threads per process, -# to handle request spikes -# MaxSpareThreads: Maximum number of idle threads per process -# MaxRequestsPerChild: Maximum number of connections per server process -<IfModule mpmt_os2.c> -StartServers 2 -MinSpareThreads 5 -MaxSpareThreads 10 -MaxRequestsPerChild 0 -</IfModule> - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, instead of the default. See also the <VirtualHost> -# directive. -# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses (0.0.0.0) -# -#Listen 12.34.56.78:80 - -Listen [PKI_UNSECURE_PORT] - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# - -LoadModule authz_core_module /etc/httpd/modules/mod_authz_core.so -[FORTITUDE_AUTH_MODULES] -# Module for User and Group -LoadModule unixd_module /etc/httpd/modules/mod_unixd.so -# Required module for command 'UserDir': -LoadModule userdir_module [FORTITUDE_LIB_DIR]/modules/mod_userdir.so -# Required module for command 'DirectoryIndex': -LoadModule dir_module [FORTITUDE_LIB_DIR]/modules/mod_dir.so -# Required module for command 'TypesConfig': -LoadModule mime_module [FORTITUDE_LIB_DIR]/modules/mod_mime.so -# Required module for command 'LogFormat': -LoadModule log_config_module [FORTITUDE_LIB_DIR]/modules/mod_log_config.so -# Required module for command 'Alias': -LoadModule alias_module [FORTITUDE_LIB_DIR]/modules/mod_alias.so -# Required module for command 'SetEnvIf': -LoadModule setenvif_module [FORTITUDE_LIB_DIR]/modules/mod_setenvif.so -# Required module for command 'IndexOptions': -LoadModule autoindex_module [FORTITUDE_LIB_DIR]/modules/mod_autoindex.so -# Required module for command 'LanguagePriority': -LoadModule negotiation_module [FORTITUDE_LIB_DIR]/modules/mod_negotiation.so -# Required module for command 'CGI Scripts': -LoadModule cgi_module [FORTITUDE_LIB_DIR]/modules/mod_cgi.so -# Required module for commands in nss.conf: -[FORTITUDE_NSS_MODULES] - -<Location /nk_service> - SetHandler nk_service -</Location> - -<Location /tus> - SetHandler tus -</Location> - -# -# Load config files from the config directory "[PKI_INSTANCE_PATH]/conf". -# -#Include conf.d/*.conf -Include [PKI_INSTANCE_PATH]/conf/perl.conf - -# -# ExtendedStatus controls whether Apache will generate "full" status -# information (ExtendedStatus On) or just basic information (ExtendedStatus -# Off) when the "server-status" handler is called. The default is Off. -# -#ExtendedStatus On - -### Section 2: 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# <VirtualHost> definition. These values also provide defaults for -# any <VirtualHost> containers you may define later in the file. -# -# All of these directives may appear inside <VirtualHost> containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -<IfModule !mpm_winnt.c> -<IfModule !mpm_netware.c> -# -# If you wish [PKI_INSTANCE_NAME] to run as a different user or group, you must run -# [PKI_INSTANCE_NAME] as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run [PKI_INSTANCE_NAME] as. -# . On SCO (ODT 3) use "User nouser" and "Group nogroup". -# . On HPUX you may not be able to use shared memory as nobody, and the -# suggested workaround is to create a user www and use that user. -# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) -# when the value of (unsigned)Group is above 60000; -# don't use Group #-1 on these systems! -# -User [PKI_USER] -Group [PKI_GROUP] -#Group #-1 -</IfModule> -</IfModule> - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin you@example.com - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If this is not set to valid DNS name for your host, server-generated -# redirections will not work. See also the UseCanonicalName directive. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# You will have to access it by its address anyway, and this will make -# redirections work in a sensible way. -# -#ServerName www.example.com:80 - -# -# UseCanonicalName: Determines how Apache constructs self-referencing -# URLs and the PKI_HOSTNAME and SERVER_PORT variables. -# When set "Off", Apache will use the Hostname and Port supplied -# by the client. When set "On", Apache will use the value of the -# ServerName directive. -# -UseCanonicalName Off - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -DocumentRoot "[PKI_INSTANCE_PATH]/docroot" - -# -# Each directory to which Apache has access can be configured with respect -# to which services and features are allowed and/or disabled in that -# directory (and its subdirectories). -# -# First, we configure the "default" to be a very restrictive set of -# features. -# -<Directory /> - Options FollowSymLinks - AllowOverride None -</Directory> - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# This should be changed to whatever you set DocumentRoot to. -# -<Directory "[PKI_INSTANCE_PATH]/docroot"> - -# -# Possible values for the Options directive are "None", "All", -# or any combination of: -# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews -# -# Note that "MultiViews" must be named *explicitly* --- "Options All" -# doesn't give it to you. -# -# The Options directive is both complicated and important. Please see -# http://httpd.apache.org/docs-2.0/mod/core.html#options -# for more information. -# - Options Indexes ExecCGI FollowSymLinks - -# -# AllowOverride controls what directives may be placed in .htaccess files. -# It can be "All", "None", or any combination of the keywords: -# Options FileInfo AuthConfig Limit -# - AllowOverride None - -# -# Controls who can get stuff from this server. -# - Require all granted - -</Directory> - -# -# UserDir: The name of the directory that is appended onto a user's home -# directory if a ~user request is received. -# -UserDir public_html - -# -# Control access to UserDir directories. The following is an example -# for a site where these directories are restricted to read-only. -# -#<Directory /home/*/public_html> -# AllowOverride FileInfo AuthConfig Limit Indexes -# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec -# <Limit GET POST OPTIONS PROPFIND> -# Order allow,deny -# Allow from all -# </Limit> -# <LimitExcept GET POST OPTIONS PROPFIND> -# Order deny,allow -# Deny from all -# </LimitExcept> -#</Directory> - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# -# The index.html.var file (a type-map) is used to deliver content- -# negotiated documents. The MultiViews Option can be used for the -# same purpose, but it is much slower. -# -DirectoryIndex index.html index.html.var index.cgi - -# -# AccessFileName: The name of the file to look for in each directory -# for additional configuration directives. See also the AllowOverride -# directive. -# -AccessFileName .htaccess - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# -<Files ~ "^\.ht"> - Require all denied -</Files> - -# -# TypesConfig describes where the mime.types file (or equivalent) is -# to be found. -# -TypesConfig conf/mime.types - -# -# DefaultType is the default MIME type the server will use for a document -# if it cannot otherwise determine one, such as from filename extensions. -# If your server contains mostly text or HTML documents, "text/plain" is -# a good value. If most of your content is binary, such as applications -# or images, you may want to use "application/octet-stream" instead to -# keep browsers from trying to display binary files as though they are -# text. -# -DefaultType text/plain - -# -# The mod_mime_magic module allows the server to use various hints from the -# contents of the file itself to determine its type. The MIMEMagicFile -# directive tells the module where the hint definitions are located. -# -<IfModule mod_mime_magic.c> - MIMEMagicFile conf/magic -</IfModule> - -# -# HostnameLookups: Log the names of clients or just their IP addresses -# e.g., www.apache.org (on) or 204.62.129.132 (off). -# The default is off because it'd be overall better for the net if people -# had to knowingly turn this feature on, since enabling it means that -# each client request will result in AT LEAST one lookup request to the -# nameserver. -# -HostnameLookups Off - -# -# EnableMMAP: Control whether memory-mapping is used to deliver -# files (assuming that the underlying OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. On some systems, turning it off (regardless of -# filesystem) can improve performance; for details, please see -# http://httpd.apache.org/docs-2.0/mod/core.html#enablemmap -# -#EnableMMAP off - -# -# EnableSendfile: Control whether the sendfile kernel support is -# used to deliver files (assuming that the OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. Please see -# http://httpd.apache.org/docs-2.0/mod/core.html#enablesendfile -# -#EnableSendfile off - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a <VirtualHost> -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a <VirtualHost> -# container, that host's errors will be logged there and not here. -# -ErrorLog logs/error_log - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. -# -#LogLevel warn -LogLevel debug - -# -# The following directives define some format nicknames for use with -# a CustomLog directive (see below). -# -LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined -LogFormat "%h %l %u %t \"%r\" %>s %b" common -LogFormat "%{Referer}i -> %U" referer -LogFormat "%{User-agent}i" agent - -# You need to enable mod_logio.c to use %I and %O -#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - -# -# The location and format of the access logfile (Common Logfile Format). -# If you do not define any access logfiles within a <VirtualHost> -# container, they will be logged here. Contrariwise, if you *do* -# define per-<VirtualHost> access logfiles, transactions will be -# logged therein and *not* in this file. -# -CustomLog logs/access_log common - -# -# If you would like to have agent and referer logfiles, uncomment the -# following directives. -# -#CustomLog logs/referer_log referer -#CustomLog logs/agent_log agent - -# -# If you prefer a single logfile with access, agent, and referer information -# (Combined Logfile Format) you can use the following directive. -# -#CustomLog logs/access_log combined - -# -# ServerTokens -# This directive configures what you return as the Server HTTP response -# Header. The default is 'Full' which sends information about the OS-Type -# and compiled in modules. -# Set to one of: Full | OS | Minor | Minimal | Major | Prod -# where Full conveys the most information, and Prod the least. -# -ServerTokens Prod - -# -# Optionally add a line containing the server version and virtual host -# name to server-generated pages (internal error documents, FTP directory -# listings, mod_status and mod_info output etc., but not CGI generated -# documents or custom error documents). -# Set to "EMail" to also include a mailto: link to the ServerAdmin. -# Set to one of: On | Off | EMail -# -ServerSignature Off - -# -# Aliases: Add here as many aliases as you need (with no limit). The format is -# Alias fakename realname -# -# Note that if you include a trailing / on fakename then the server will -# require it to be present in the URL. So "/icons" isn't aliased in this -# example, only "/icons/". If the fakename is slash-terminated, then the -# realname must also be slash terminated, and if the fakename omits the -# trailing slash, the realname must also omit it. -# -# We include the /icons/ alias for FancyIndexed directory listings. If you -# do not use FancyIndexing, you may comment this out. -# -Alias /icons/ "[PKI_INSTANCE_PATH]/icons/" - -<Directory "[PKI_INSTANCE_PATH]/icons"> - Options Indexes MultiViews - AllowOverride None - Require all granted -</Directory> - -# -# This should be changed to the ServerRoot/manual/. The alias provides -# the manual, even if you choose to move your DocumentRoot. You may comment -# this out if you do not care for the documentation. -# -AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "[PKI_INSTANCE_PATH]/manual$1" - -<Directory "[PKI_INSTANCE_PATH]/manual"> - Options Indexes - AllowOverride None - Require all granted - - <Files *.html> - SetHandler type-map - </Files> - - SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|ru)/ prefer-language=$1 - RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2 -</Directory> - -# -# ScriptAlias: This controls which directories contain server scripts. -# ScriptAliases are essentially the same as Aliases, except that -# documents in the realname directory are treated as applications and -# run by the server when requested rather than as documents sent to the client. -# The same rules about trailing "/" apply to ScriptAlias directives as to -# Alias. -# -ScriptAlias /cgi-bin/ "[PKI_INSTANCE_PATH]/cgi-bin/" - -<IfModule mod_cgid.c> -# -# Additional to mod_cgid.c settings, mod_cgid has Scriptsock <path> -# for setting UNIX socket for communicating with cgid. -# -#Scriptsock logs/cgisock -</IfModule> - -# -# "[PKI_INSTANCE_PATH]/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# -<Directory "[PKI_INSTANCE_PATH]/cgi-bin"> - AllowOverride None - Options ExecCGI - Require all granted -</Directory> - -# -# Redirect allows you to tell clients about documents which used to exist in -# your server's namespace, but do not anymore. This allows you to tell the -# clients where to look for the relocated document. -# Example: -# Redirect permanent /foo http://www.example.com/bar - -# -# Directives controlling the display of server-generated directory listings. -# - -# -# IndexOptions: Controls the appearance of server-generated directory -# listings. -# -IndexOptions FancyIndexing VersionSort - -# -# AddIcon* directives tell the server which icon to show for different -# files or filename extensions. These are only displayed for -# FancyIndexed directories. -# -AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip - -AddIconByType (TXT,/icons/text.gif) text/* -AddIconByType (IMG,/icons/image2.gif) image/* -AddIconByType (SND,/icons/sound2.gif) audio/* -AddIconByType (VID,/icons/movie.gif) video/* - -AddIcon /icons/binary.gif .bin .exe -AddIcon /icons/binhex.gif .hqx -AddIcon /icons/tar.gif .tar -AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -AddIcon /icons/a.gif .ps .ai .eps -AddIcon /icons/layout.gif .html .shtml .htm .pdf -AddIcon /icons/text.gif .txt -AddIcon /icons/c.gif .c -AddIcon /icons/p.gif .pl .py -AddIcon /icons/f.gif .for -AddIcon /icons/dvi.gif .dvi -AddIcon /icons/uuencoded.gif .uu -AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -AddIcon /icons/tex.gif .tex -AddIcon /icons/bomb.gif core - -AddIcon /icons/back.gif .. -AddIcon /icons/hand.right.gif README -AddIcon /icons/folder.gif ^^DIRECTORY^^ -AddIcon /icons/blank.gif ^^BLANKICON^^ - -# -# DefaultIcon is which icon to show for files which do not have an icon -# explicitly set. -# -DefaultIcon /icons/unknown.gif - -# -# AddDescription allows you to place a short description after a file in -# server-generated indexes. These are only displayed for FancyIndexed -# directories. -# Format: AddDescription "description" filename -# -#AddDescription "GZIP compressed document" .gz -#AddDescription "tar archive" .tar -#AddDescription "GZIP compressed tar archive" .tgz - -# -# ReadmeName is the name of the README file the server will look for by -# default, and append to directory listings. -# -# HeaderName is the name of a file which should be prepended to -# directory indexes. -ReadmeName README.html -HeaderName HEADER.html - -# -# IndexIgnore is a set of filenames which directory indexing should ignore -# and not include in the listing. Shell-style wildcarding is permitted. -# -IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - -# -# DefaultLanguage and AddLanguage allows you to specify the language of -# a document. You can then use content negotiation to give a browser a -# file in a language the user can understand. -# -# Specify a default language. This means that all data -# going out without a specific language tag (see below) will -# be marked with this one. You probably do NOT want to set -# this unless you are sure it is correct for all cases. -# -# * It is generally better to not mark a page as -# * being a certain language than marking it with the wrong -# * language! -# -# DefaultLanguage nl -# -# Note 1: The suffix does not have to be the same as the language -# keyword --- those with documents in Polish (whose net-standard -# language code is pl) may wish to use "AddLanguage pl .po" to -# avoid the ambiguity with the common suffix for perl scripts. -# -# Note 2: The example entries below illustrate that in some cases -# the two character 'Language' abbreviation is not identical to -# the two character 'Country' code for its country, -# E.g. 'Danmark/dk' versus 'Danish/da'. -# -# Note 3: In the case of 'ltz' we violate the RFC by using a three char -# specifier. There is 'work in progress' to fix this and get -# the reference data for rfc1766 cleaned up. -# -# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) -# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) -# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) -# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) -# Norwegian (no) - Polish (pl) - Portugese (pt) -# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) -# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) -# -AddLanguage ca .ca -AddLanguage cs .cz .cs -AddLanguage da .dk -AddLanguage de .de -AddLanguage el .el -AddLanguage en .en -AddLanguage eo .eo -AddLanguage es .es -AddLanguage et .et -AddLanguage fr .fr -AddLanguage he .he -AddLanguage hr .hr -AddLanguage it .it -AddLanguage ja .ja -AddLanguage ko .ko -AddLanguage ltz .ltz -AddLanguage nl .nl -AddLanguage nn .nn -AddLanguage no .no -AddLanguage pl .po -AddLanguage pt .pt -AddLanguage pt-BR .pt-br -AddLanguage ru .ru -AddLanguage sv .sv -AddLanguage zh-CN .zh-cn -AddLanguage zh-TW .zh-tw - -# -# LanguagePriority allows you to give precedence to some languages -# in case of a tie during content negotiation. -# -# Just list the languages in decreasing order of preference. We have -# more or less alphabetized them here. You probably want to change this. -# -LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW - -# -# ForceLanguagePriority allows you to serve a result page rather than -# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) -# [in case no accepted languages matched the available variants] -# -ForceLanguagePriority Prefer Fallback - -# -# Commonly used filename extensions to character sets. You probably -# want to avoid clashes with the language extensions, unless you -# are good at carefully testing your setup after each change. -# See http://www.iana.org/assignments/character-sets for the -# official list of charset names and their respective RFCs. -# -AddCharset ISO-8859-1 .iso8859-1 .latin1 -AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen -AddCharset ISO-8859-3 .iso8859-3 .latin3 -AddCharset ISO-8859-4 .iso8859-4 .latin4 -AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru -AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb -AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk -AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb -AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk -AddCharset ISO-2022-JP .iso2022-jp .jis -AddCharset ISO-2022-KR .iso2022-kr .kis -AddCharset ISO-2022-CN .iso2022-cn .cis -AddCharset Big5 .Big5 .big5 -# For russian, more than one charset is used (depends on client, mostly): -AddCharset WINDOWS-1251 .cp-1251 .win-1251 -AddCharset CP866 .cp866 -AddCharset KOI8-r .koi8-r .koi8-ru -AddCharset KOI8-ru .koi8-uk .ua -AddCharset ISO-10646-UCS-2 .ucs2 -AddCharset ISO-10646-UCS-4 .ucs4 -AddCharset UTF-8 .utf8 - -# The set below does not map to a specific (iso) standard -# but works on a fairly wide range of browsers. Note that -# capitalization actually matters (it should not, but it -# does for some browsers). -# -# See http://www.iana.org/assignments/character-sets -# for a list of sorts. But browsers support few. -# -AddCharset GB2312 .gb2312 .gb -AddCharset utf-7 .utf7 -AddCharset utf-8 .utf8 -AddCharset big5 .big5 .b5 -AddCharset EUC-TW .euc-tw -AddCharset EUC-JP .euc-jp -AddCharset EUC-KR .euc-kr -AddCharset shift_jis .sjis - -# -# AddType allows you to add to or override the MIME configuration -# file mime.types for specific file types. -# -#AddType application/x-tar .tgz -# -# AddEncoding allows you to have certain browsers uncompress -# information on the fly. Note: Not all browsers support this. -# Despite the name similarity, the following Add* directives have nothing -# to do with the FancyIndexing customization directives above. -# -#AddEncoding x-compress .Z -#AddEncoding x-gzip .gz .tgz -# -# If the AddEncoding directives above are commented-out, then you -# probably should define those extensions to indicate media types: -# -AddType application/x-compress .Z -AddType application/x-gzip .gz .tgz - -# -# AddHandler allows you to map certain file extensions to "handlers": -# actions unrelated to filetype. These can be either built into the server -# or added with the Action directive (see below) -# -# To use CGI scripts outside of ScriptAliased directories: -# (You will also need to add "ExecCGI" to the "Options" directive.) -# -AddHandler cgi-script .cgi - -# -# For files that include their own HTTP headers: -# -#AddHandler send-as-is asis - -# -# For server-parsed imagemap files: -# -#AddHandler imap-file map - -# -# For type maps (negotiated resources): -# (This is enabled by default to allow the Apache "It Worked" page -# to be distributed in multiple languages.) -# -AddHandler type-map var - -# -# Filters allow you to process content before it is sent to the client. -# -# To parse .shtml files for server-side includes (SSI): -# (You will also need to add "Includes" to the "Options" directive.) -# -#AddType text/html .shtml -#AddOutputFilter INCLUDES .shtml - -# -# Action lets you define media types that will execute a script whenever -# a matching file is called. This eliminates the need for repeated URL -# pathnames for oft-used CGI file processors. -# Format: Action media/type /cgi-script/location -# Format: Action handler-name /cgi-script/location -# - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# Putting this all together, we can internationalize error responses. -# -# We use Alias to redirect any /error/HTTP_<error>.html.var response to -# our collection of by-error message multi-language collections. We use -# includes to substitute the appropriate text. -# -# You can modify the messages' appearance without changing any of the -# default HTTP_<error>.html.var files by adding the line: -# -# Alias /error/include/ "/your/include/path/" -# -# which allows you to create your own set of files by starting with the -# /export/apache/error/include/ files and copying them to /your/include/path/, -# even on a per-VirtualHost basis. The default include files will display -# your Apache version number and your ServerAdmin email address regardless -# of the setting of ServerSignature. -# -# The internationalized error documents require mod_alias, mod_include -# and mod_negotiation. To activate them, uncomment the following 30 lines. - -# Alias /error/ "/export/apache/error/" -# -# <Directory "/export/apache/error"> -# AllowOverride None -# Options IncludesNoExec -# AddOutputFilter Includes html -# AddHandler type-map var -# Order allow,deny -# Allow from all -# LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr -# ForceLanguagePriority Prefer Fallback -# </Directory> -# -# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var -# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var -# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var -# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var -# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var -# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var -# ErrorDocument 410 /error/HTTP_GONE.html.var -# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var -# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var -# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var -# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var -# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var -# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var -# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var -# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var -# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var -# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var -#[ErrorDocument_404] -#[ErrorDocument_500] - - -# -# The following directives modify normal HTTP response behavior to -# handle known problems with browser implementations. -# -BrowserMatch "Mozilla/2" nokeepalive -BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 -BrowserMatch "RealPlayer 4\.0" force-response-1.0 -BrowserMatch "Java/1\.0" force-response-1.0 -BrowserMatch "JDK/1\.0" force-response-1.0 - -# -# The following directive disables redirects on non-GET requests for -# a directory that does not include the trailing slash. This fixes a -# problem with Microsoft WebFolders which does not appropriately handle -# redirects for folders with DAV methods. -# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. -# -BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully -BrowserMatch "^WebDrive" redirect-carefully -BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully -BrowserMatch "^gnome-vfs" redirect-carefully - -# -# Allow server status reports generated by mod_status, -# with the URL of http://servername/server-status -# Change the ".example.com" to match your domain to enable. -# -#<Location /server-status> -# SetHandler server-status -# Order deny,allow -# Deny from all -# Allow from .example.com -#</Location> - -# -# Allow remote server configuration reports, with the URL of -# http://servername/server-info (requires that mod_info.c be loaded). -# Change the ".example.com" to match your domain to enable. -# -#<Location /server-info> -# SetHandler server-info -# Order deny,allow -# Deny from all -# Allow from .example.com -#</Location> - - -# -# Bring in additional module-specific configurations -# -#<IfModule mod_ssl.c> -# Include conf/ssl.conf -#</IfModule> -Include [PKI_INSTANCE_PATH]/conf/nss.conf - -### Section 3: Virtual Hosts -# -# VirtualHost: If you want to maintain multiple domains/hostnames on your -# machine you can setup VirtualHost containers for them. Most configurations -# use only name-based virtual hosts so the server doesn't need to worry about -# IP addresses. This is indicated by the asterisks in the directives below. -# -# Please see the documentation at -# <URL:http://httpd.apache.org/docs-2.0/vhosts/> -# for further details before you try to setup virtual hosts. -# -# You may use the command line option '-S' to verify your virtual host -# configuration. - -# -# Use name-based virtual hosting. -# -#NameVirtualHost *:80 - -# -# VirtualHost example: -# Almost any Apache directive may go into a VirtualHost container. -# The first VirtualHost section is used for requests without a known -# server name. -# -#<VirtualHost *:80> -# ServerAdmin webmaster@dummy-host.example.com -# DocumentRoot /www/docs/dummy-host.example.com -# ServerName dummy-host.example.com -# ErrorLog logs/dummy-host.example.com-error_log -# CustomLog logs/dummy-host.example.com-access_log common -#</VirtualHost> diff --git a/base/ra/apache/conf/magic b/base/ra/apache/conf/magic deleted file mode 100644 index 0de73361f..000000000 --- a/base/ra/apache/conf/magic +++ /dev/null @@ -1,382 +0,0 @@ -# Magic data for mod_mime_magic Apache module (originally for file(1) command) -# The module is described in /manual/mod/mod_mime_magic.html -# -# The format is 4-5 columns: -# Column #1: byte number to begin checking from, ">" indicates continuation -# Column #2: type of data to match -# Column #3: contents of data to match -# Column #4: MIME type of result -# Column #5: MIME encoding of result (optional) - -#------------------------------------------------------------------------------ -# Localstuff: file(1) magic for locally observed files -# Add any locally observed files here. - -#------------------------------------------------------------------------------ -# end local stuff -#------------------------------------------------------------------------------ - -#------------------------------------------------------------------------------ -# Java - -0 short 0xcafe ->2 short 0xbabe application/java - -#------------------------------------------------------------------------------ -# audio: file(1) magic for sound formats -# -# from Jan Nicolai Langfeldt <janl@ifi.uio.no>, -# - -# Sun/NeXT audio data -0 string .snd ->12 belong 1 audio/basic ->12 belong 2 audio/basic ->12 belong 3 audio/basic ->12 belong 4 audio/basic ->12 belong 5 audio/basic ->12 belong 6 audio/basic ->12 belong 7 audio/basic - ->12 belong 23 audio/x-adpcm - -# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format -# that uses little-endian encoding and has a different magic number -# (0x0064732E in little-endian encoding). -0 lelong 0x0064732E ->12 lelong 1 audio/x-dec-basic ->12 lelong 2 audio/x-dec-basic ->12 lelong 3 audio/x-dec-basic ->12 lelong 4 audio/x-dec-basic ->12 lelong 5 audio/x-dec-basic ->12 lelong 6 audio/x-dec-basic ->12 lelong 7 audio/x-dec-basic -# compressed (G.721 ADPCM) ->12 lelong 23 audio/x-dec-adpcm - -# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" -# AIFF audio data -8 string AIFF audio/x-aiff -# AIFF-C audio data -8 string AIFC audio/x-aiff -# IFF/8SVX audio data -8 string 8SVX audio/x-aiff - -# Creative Labs AUDIO stuff -# Standard MIDI data -0 string MThd audio/unknown -#>9 byte >0 (format %d) -#>11 byte >1 using %d channels -# Creative Music (CMF) data -0 string CTMF audio/unknown -# SoundBlaster instrument data -0 string SBI audio/unknown -# Creative Labs voice data -0 string Creative\ Voice\ File audio/unknown -## is this next line right? it came this way... -#>19 byte 0x1A -#>23 byte >0 - version %d -#>22 byte >0 \b.%d - -# [GRR 950115: is this also Creative Labs? Guessing that first line -# should be string instead of unknown-endian long...] -#0 long 0x4e54524b MultiTrack sound data -#0 string NTRK MultiTrack sound data -#>4 long x - version %ld - -# Microsoft WAVE format (*.wav) -# [GRR 950115: probably all of the shorts and longs should be leshort/lelong] -# Microsoft RIFF -0 string RIFF audio/unknown -# - WAVE format ->8 string WAVE audio/x-wav -# MPEG audio. -0 beshort&0xfff0 0xfff0 audio/mpeg -# C64 SID Music files, from Linus Walleij <triad@df.lth.se> -0 string PSID audio/prs.sid - -#------------------------------------------------------------------------------ -# c-lang: file(1) magic for C programs or various scripts -# - -# XPM icons (Greg Roelofs, newt@uchicago.edu) -# ideally should go into "images", but entries below would tag XPM as C source -0 string /*\ XPM image/x-xbm 7bit - -# this first will upset you if you're a PL/1 shop... (are there any left?) -# in which case rm it; ascmagic will catch real C programs -# C or REXX program text -0 string /* text/plain -# C++ program text -0 string // text/plain - -#------------------------------------------------------------------------------ -# compress: file(1) magic for pure-compression formats (no archives) -# -# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. -# -# Formats for various forms of compressed data -# Formats for "compress" proper have been moved into "compress.c", -# because it tries to uncompress it to figure out what's inside. - -# standard unix compress -0 string \037\235 application/octet-stream x-compress - -# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) -0 string \037\213 application/octet-stream x-gzip - -# According to gzip.h, this is the correct byte order for packed data. -0 string \037\036 application/octet-stream -# -# This magic number is byte-order-independent. -# -0 short 017437 application/octet-stream - -# XXX - why *two* entries for "compacted data", one of which is -# byte-order independent, and one of which is byte-order dependent? -# -# compacted data -0 short 0x1fff application/octet-stream -0 string \377\037 application/octet-stream -# huf output -0 short 0145405 application/octet-stream - -# Squeeze and Crunch... -# These numbers were gleaned from the Unix versions of the programs to -# handle these formats. Note that I can only uncrunch, not crunch, and -# I didn't have a crunched file handy, so the crunch number is untested. -# Keith Waclena <keith@cerberus.uchicago.edu> -#0 leshort 0x76FF squeezed data (CP/M, DOS) -#0 leshort 0x76FE crunched data (CP/M, DOS) - -# Freeze -#0 string \037\237 Frozen file 2.1 -#0 string \037\236 Frozen file 1.0 (or gzip 0.5) - -# lzh? -#0 string \037\240 LZH compressed data - -#------------------------------------------------------------------------------ -# frame: file(1) magic for FrameMaker files -# -# This stuff came on a FrameMaker demo tape, most of which is -# copyright, but this file is "published" as witness the following: -# -0 string \<MakerFile application/x-frame -0 string \<MIFFile application/x-frame -0 string \<MakerDictionary application/x-frame -0 string \<MakerScreenFon application/x-frame -0 string \<MML application/x-frame -0 string \<Book application/x-frame -0 string \<Maker application/x-frame - -#------------------------------------------------------------------------------ -# html: file(1) magic for HTML (HyperText Markup Language) docs -# -# from Daniel Quinlan <quinlan@yggdrasil.com> -# and Anna Shergold <anna@inext.co.uk> -# -0 string \<!DOCTYPE\ HTML text/html -0 string \<!doctype\ html text/html -0 string \<HEAD text/html -0 string \<head text/html -0 string \<TITLE text/html -0 string \<title text/html -0 string \<html text/html -0 string \<HTML text/html -0 string \<!-- text/html -0 string \<h1 text/html -0 string \<H1 text/html - -# XML eXtensible Markup Language, from Linus Walleij <triad@df.lth.se> -0 string \<?xml text/xml - -#------------------------------------------------------------------------------ -# images: file(1) magic for image formats (see also "c-lang" for XPM bitmaps) -# -# originally from jef@helios.ee.lbl.gov (Jef Poskanzer), -# additions by janl@ifi.uio.no as well as others. Jan also suggested -# merging several one- and two-line files into here. -# -# XXX - byte order for GIF and TIFF fields? -# [GRR: TIFF allows both byte orders; GIF is probably little-endian] -# - -# [GRR: what the hell is this doing in here?] -#0 string xbtoa btoa'd file - -# PBMPLUS -# PBM file -0 string P1 image/x-portable-bitmap 7bit -# PGM file -0 string P2 image/x-portable-greymap 7bit -# PPM file -0 string P3 image/x-portable-pixmap 7bit -# PBM "rawbits" file -0 string P4 image/x-portable-bitmap -# PGM "rawbits" file -0 string P5 image/x-portable-greymap -# PPM "rawbits" file -0 string P6 image/x-portable-pixmap - -# NIFF (Navy Interchange File Format, a modification of TIFF) -# [GRR: this *must* go before TIFF] -0 string IIN1 image/x-niff - -# TIFF and friends -# TIFF file, big-endian -0 string MM image/tiff -# TIFF file, little-endian -0 string II image/tiff - -# possible GIF replacements; none yet released! -# (Greg Roelofs, newt@uchicago.edu) -# -# GRR 950115: this was mine ("Zip GIF"): -# ZIF image (GIF+deflate alpha) -0 string GIF94z image/unknown -# -# GRR 950115: this is Jeremy Wohl's Free Graphics Format (better): -# FGF image (GIF+deflate beta) -0 string FGF95a image/unknown -# -# GRR 950115: this is Thomas Boutell's Portable Bitmap Format proposal -# (best; not yet implemented): -# PBF image (deflate compression) -0 string PBF image/unknown - -# GIF -0 string GIF image/gif - -# JPEG images -0 beshort 0xffd8 image/jpeg - -# PC bitmaps (OS/2, Windoze BMP files) (Greg Roelofs, newt@uchicago.edu) -0 string BM image/bmp -#>14 byte 12 (OS/2 1.x format) -#>14 byte 64 (OS/2 2.x format) -#>14 byte 40 (Windows 3.x format) -#0 string IC icon -#0 string PI pointer -#0 string CI color icon -#0 string CP color pointer -#0 string BA bitmap array - - -#------------------------------------------------------------------------------ -# lisp: file(1) magic for lisp programs -# -# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) -0 string ;; text/plain 8bit -# Emacs 18 - this is always correct, but not very magical. -0 string \012( application/x-elc -# Emacs 19 -0 string ;ELC\023\000\000\000 application/x-elc - -#------------------------------------------------------------------------------ -# mail.news: file(1) magic for mail and news -# -# There are tests to ascmagic.c to cope with mail and news. -0 string Relay-Version: message/rfc822 7bit -0 string #!\ rnews message/rfc822 7bit -0 string N#!\ rnews message/rfc822 7bit -0 string Forward\ to message/rfc822 7bit -0 string Pipe\ to message/rfc822 7bit -0 string Return-Path: message/rfc822 7bit -0 string Path: message/news 8bit -0 string Xref: message/news 8bit -0 string From: message/rfc822 7bit -0 string Article message/news 8bit -#------------------------------------------------------------------------------ -# msword: file(1) magic for MS Word files -# -# Contributor claims: -# Reversed-engineered MS Word magic numbers -# - -0 string \376\067\0\043 application/msword -0 string \333\245-\0\0\0 application/msword - -# disable this one because it applies also to other -# Office/OLE documents for which msword is not correct. See PR#2608. -#0 string \320\317\021\340\241\261 application/msword - - - -#------------------------------------------------------------------------------ -# printer: file(1) magic for printer-formatted files -# - -# PostScript -0 string %! application/postscript -0 string \004%! application/postscript - -# Acrobat -# (due to clamen@cs.cmu.edu) -0 string %PDF- application/pdf - -#------------------------------------------------------------------------------ -# sc: file(1) magic for "sc" spreadsheet -# -38 string Spreadsheet application/x-sc - -#------------------------------------------------------------------------------ -# tex: file(1) magic for TeX files -# -# XXX - needs byte-endian stuff (big-endian and little-endian DVI?) -# -# From <conklin@talisman.kaleida.com> - -# Although we may know the offset of certain text fields in TeX DVI -# and font files, we can't use them reliably because they are not -# zero terminated. [but we do anyway, christos] -0 string \367\002 application/x-dvi -#0 string \367\203 TeX generic font data -#0 string \367\131 TeX packed font data -#0 string \367\312 TeX virtual font data -#0 string This\ is\ TeX, TeX transcript text -#0 string This\ is\ METAFONT, METAFONT transcript text - -# There is no way to detect TeX Font Metric (*.tfm) files without -# breaking them apart and reading the data. The following patterns -# match most *.tfm files generated by METAFONT or afm2tfm. -#2 string \000\021 TeX font metric data -#2 string \000\022 TeX font metric data -#>34 string >\0 (%s) - -# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com) -#0 string \\input\ texinfo Texinfo source text -#0 string This\ is\ Info\ file GNU Info text - -# correct TeX magic for Linux (and maybe more) -# from Peter Tobias (tobias@server.et-inf.fho-emden.de) -# -0 leshort 0x02f7 application/x-dvi - -# RTF - Rich Text Format -0 string {\\rtf application/rtf - -#------------------------------------------------------------------------------ -# animation: file(1) magic for animation/movie formats -# -# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8) -# MPEG file -0 string \000\000\001\263 video/mpeg -# -# The contributor claims: -# I couldn't find a real magic number for these, however, this -# -appears- to work. Note that it might catch other files, too, -# so BE CAREFUL! -# -# Note that title and author appear in the two 20-byte chunks -# at decimal offsets 2 and 22, respectively, but they are XOR'ed with -# 255 (hex FF)! DL format SUCKS BIG ROCKS. -# -# DL file version 1 , medium format (160x100, 4 images/screen) -0 byte 1 video/unknown -0 byte 2 video/unknown -# Quicktime video, from Linus Walleij <triad@df.lth.se> -# from Apple quicktime file format documentation. -4 string moov video/quicktime -4 string mdat video/quicktime - diff --git a/base/ra/apache/conf/mime.types b/base/ra/apache/conf/mime.types deleted file mode 100644 index 3485692d1..000000000 --- a/base/ra/apache/conf/mime.types +++ /dev/null @@ -1,592 +0,0 @@ -# This is a comment. I love comments. - -# This file controls what Internet media types are sent to the client for -# given file extension(s). Sending the correct media type to the client -# is important so they know how to handle the content of the file. -# Extra types can either be added here or by using an AddType directive -# in your config files. For more information about Internet media types, -# please read RFC 2045, 2046, 2047, 2048, and 2077. The Internet media type -# registry is at <http://www.iana.org/assignments/media-types/>. - -# MIME type Extensions -application/activemessage -application/andrew-inset ez -application/applefile -application/atom+xml atom -application/atomicmail -application/batch-smtp -application/beep+xml -application/cals-1840 -application/cnrp+xml -application/commonground -application/cpl+xml -application/cybercash -application/dca-rft -application/dec-dx -application/dvcs -application/edi-consent -application/edifact -application/edi-x12 -application/eshop -application/font-tdpfr -application/http -application/hyperstudio -application/iges -application/index -application/index.cmd -application/index.obj -application/index.response -application/index.vnd -application/iotp -application/ipp -application/isup -application/mac-binhex40 hqx -application/mac-compactpro cpt -application/macwriteii -application/marc -application/mathematica -application/mathml+xml mathml -application/msword doc -application/news-message-id -application/news-transmission -application/ocsp-request -application/ocsp-response -application/octet-stream bin dms lha lzh exe class so dll dmg -application/oda oda -application/ogg ogg -application/parityfec -application/pdf pdf -application/pgp-encrypted -application/pgp-keys -application/pgp-signature -application/pkcs10 -application/pkcs7-mime -application/pkcs7-signature -application/pkix-cert -application/pkix-crl -application/pkixcmp -application/postscript ai eps ps -application/prs.alvestrand.titrax-sheet -application/prs.cww -application/prs.nprend -application/prs.plucker -application/qsig -application/rdf+xml rdf -application/reginfo+xml -application/remote-printing -application/riscos -application/rtf -application/sdp -application/set-payment -application/set-payment-initiation -application/set-registration -application/set-registration-initiation -application/sgml -application/sgml-open-catalog -application/sieve -application/slate -application/smil smi smil -application/srgs gram -application/srgs+xml grxml -application/timestamp-query -application/timestamp-reply -application/tve-trigger -application/vemmi -application/vnd.3gpp.pic-bw-large -application/vnd.3gpp.pic-bw-small -application/vnd.3gpp.pic-bw-var -application/vnd.3gpp.sms -application/vnd.3m.post-it-notes -application/vnd.accpac.simply.aso -application/vnd.accpac.simply.imp -application/vnd.acucobol -application/vnd.acucorp -application/vnd.adobe.xfdf -application/vnd.aether.imp -application/vnd.amiga.ami -application/vnd.anser-web-certificate-issue-initiation -application/vnd.anser-web-funds-transfer-initiation -application/vnd.audiograph -application/vnd.blueice.multipass -application/vnd.bmi -application/vnd.businessobjects -application/vnd.canon-cpdl -application/vnd.canon-lips -application/vnd.cinderella -application/vnd.claymore -application/vnd.commerce-battelle -application/vnd.commonspace -application/vnd.contact.cmsg -application/vnd.cosmocaller -application/vnd.criticaltools.wbs+xml -application/vnd.ctc-posml -application/vnd.cups-postscript -application/vnd.cups-raster -application/vnd.cups-raw -application/vnd.curl -application/vnd.cybank -application/vnd.data-vision.rdz -application/vnd.dna -application/vnd.dpgraph -application/vnd.dreamfactory -application/vnd.dxr -application/vnd.ecdis-update -application/vnd.ecowin.chart -application/vnd.ecowin.filerequest -application/vnd.ecowin.fileupdate -application/vnd.ecowin.series -application/vnd.ecowin.seriesrequest -application/vnd.ecowin.seriesupdate -application/vnd.enliven -application/vnd.epson.esf -application/vnd.epson.msf -application/vnd.epson.quickanime -application/vnd.epson.salt -application/vnd.epson.ssf -application/vnd.ericsson.quickcall -application/vnd.eudora.data -application/vnd.fdf -application/vnd.ffsns -application/vnd.fints -application/vnd.flographit -application/vnd.framemaker -application/vnd.fsc.weblaunch -application/vnd.fujitsu.oasys -application/vnd.fujitsu.oasys2 -application/vnd.fujitsu.oasys3 -application/vnd.fujitsu.oasysgp -application/vnd.fujitsu.oasysprs -application/vnd.fujixerox.ddd -application/vnd.fujixerox.docuworks -application/vnd.fujixerox.docuworks.binder -application/vnd.fut-misnet -application/vnd.grafeq -application/vnd.groove-account -application/vnd.groove-help -application/vnd.groove-identity-message -application/vnd.groove-injector -application/vnd.groove-tool-message -application/vnd.groove-tool-template -application/vnd.groove-vcard -application/vnd.hbci -application/vnd.hhe.lesson-player -application/vnd.hp-hpgl -application/vnd.hp-hpid -application/vnd.hp-hps -application/vnd.hp-pcl -application/vnd.hp-pclxl -application/vnd.httphone -application/vnd.hzn-3d-crossword -application/vnd.ibm.afplinedata -application/vnd.ibm.electronic-media -application/vnd.ibm.minipay -application/vnd.ibm.modcap -application/vnd.ibm.rights-management -application/vnd.ibm.secure-container -application/vnd.informix-visionary -application/vnd.intercon.formnet -application/vnd.intertrust.digibox -application/vnd.intertrust.nncp -application/vnd.intu.qbo -application/vnd.intu.qfx -application/vnd.irepository.package+xml -application/vnd.is-xpr -application/vnd.japannet-directory-service -application/vnd.japannet-jpnstore-wakeup -application/vnd.japannet-payment-wakeup -application/vnd.japannet-registration -application/vnd.japannet-registration-wakeup -application/vnd.japannet-setstore-wakeup -application/vnd.japannet-verification -application/vnd.japannet-verification-wakeup -application/vnd.jisp -application/vnd.kde.karbon -application/vnd.kde.kchart -application/vnd.kde.kformula -application/vnd.kde.kivio -application/vnd.kde.kontour -application/vnd.kde.kpresenter -application/vnd.kde.kspread -application/vnd.kde.kword -application/vnd.kenameaapp -application/vnd.koan -application/vnd.liberty-request+xml -application/vnd.llamagraphics.life-balance.desktop -application/vnd.llamagraphics.life-balance.exchange+xml -application/vnd.lotus-1-2-3 -application/vnd.lotus-approach -application/vnd.lotus-freelance -application/vnd.lotus-notes -application/vnd.lotus-organizer -application/vnd.lotus-screencam -application/vnd.lotus-wordpro -application/vnd.mcd -application/vnd.mediastation.cdkey -application/vnd.meridian-slingshot -application/vnd.micrografx.flo -application/vnd.micrografx.igx -application/vnd.mif mif -application/vnd.minisoft-hp3000-save -application/vnd.mitsubishi.misty-guard.trustweb -application/vnd.mobius.daf -application/vnd.mobius.dis -application/vnd.mobius.mbk -application/vnd.mobius.mqy -application/vnd.mobius.msl -application/vnd.mobius.plc -application/vnd.mobius.txf -application/vnd.mophun.application -application/vnd.mophun.certificate -application/vnd.motorola.flexsuite -application/vnd.motorola.flexsuite.adsi -application/vnd.motorola.flexsuite.fis -application/vnd.motorola.flexsuite.gotap -application/vnd.motorola.flexsuite.kmr -application/vnd.motorola.flexsuite.ttc -application/vnd.motorola.flexsuite.wem -application/vnd.mozilla.xul+xml xul -application/vnd.ms-artgalry -application/vnd.ms-asf -application/vnd.ms-excel xls -application/vnd.ms-lrm -application/vnd.ms-powerpoint ppt -application/vnd.ms-project -application/vnd.ms-tnef -application/vnd.ms-works -application/vnd.ms-wpl -application/vnd.mseq -application/vnd.msign -application/vnd.music-niff -application/vnd.musician -application/vnd.netfpx -application/vnd.noblenet-directory -application/vnd.noblenet-sealer -application/vnd.noblenet-web -application/vnd.novadigm.edm -application/vnd.novadigm.edx -application/vnd.novadigm.ext -application/vnd.obn -application/vnd.osa.netdeploy -application/vnd.palm -application/vnd.pg.format -application/vnd.pg.osasli -application/vnd.powerbuilder6 -application/vnd.powerbuilder6-s -application/vnd.powerbuilder7 -application/vnd.powerbuilder7-s -application/vnd.powerbuilder75 -application/vnd.powerbuilder75-s -application/vnd.previewsystems.box -application/vnd.publishare-delta-tree -application/vnd.pvi.ptid1 -application/vnd.pwg-multiplexed -application/vnd.pwg-xhtml-print+xml -application/vnd.quark.quarkxpress -application/vnd.rapid -application/vnd.s3sms -application/vnd.sealed.net -application/vnd.seemail -application/vnd.shana.informed.formdata -application/vnd.shana.informed.formtemplate -application/vnd.shana.informed.interchange -application/vnd.shana.informed.package -application/vnd.smaf -application/vnd.sss-cod -application/vnd.sss-dtf -application/vnd.sss-ntf -application/vnd.street-stream -application/vnd.svd -application/vnd.swiftview-ics -application/vnd.triscape.mxs -application/vnd.trueapp -application/vnd.truedoc -application/vnd.ufdl -application/vnd.uplanet.alert -application/vnd.uplanet.alert-wbxml -application/vnd.uplanet.bearer-choice -application/vnd.uplanet.bearer-choice-wbxml -application/vnd.uplanet.cacheop -application/vnd.uplanet.cacheop-wbxml -application/vnd.uplanet.channel -application/vnd.uplanet.channel-wbxml -application/vnd.uplanet.list -application/vnd.uplanet.list-wbxml -application/vnd.uplanet.listcmd -application/vnd.uplanet.listcmd-wbxml -application/vnd.uplanet.signal -application/vnd.vcx -application/vnd.vectorworks -application/vnd.vidsoft.vidconference -application/vnd.visio -application/vnd.visionary -application/vnd.vividence.scriptfile -application/vnd.vsf -application/vnd.wap.sic -application/vnd.wap.slc -application/vnd.wap.wbxml wbxml -application/vnd.wap.wmlc wmlc -application/vnd.wap.wmlscriptc wmlsc -application/vnd.webturbo -application/vnd.wrq-hp3000-labelled -application/vnd.wt.stf -application/vnd.wv.csp+wbxml -application/vnd.xara -application/vnd.xfdl -application/vnd.yamaha.hv-dic -application/vnd.yamaha.hv-script -application/vnd.yamaha.hv-voice -application/vnd.yellowriver-custom-menu -application/voicexml+xml vxml -application/watcherinfo+xml -application/whoispp-query -application/whoispp-response -application/wita -application/wordperfect5.1 -application/x-bcpio bcpio -application/x-cdlink vcd -application/x-chess-pgn pgn -application/x-compress -application/x-cpio cpio -application/x-csh csh -application/x-director dcr dir dxr -application/x-dvi dvi -application/x-futuresplash spl -application/x-gtar gtar -application/x-gzip -application/x-hdf hdf -application/x-javascript js -application/x-koan skp skd skt skm -application/x-latex latex -application/x-netcdf nc cdf -application/x-sh sh -application/x-shar shar -application/x-shockwave-flash swf -application/x-stuffit sit -application/x-sv4cpio sv4cpio -application/x-sv4crc sv4crc -application/x-tar tar -application/x-tcl tcl -application/x-tex tex -application/x-texinfo texinfo texi -application/x-troff t tr roff -application/x-troff-man man -application/x-troff-me me -application/x-troff-ms ms -application/x-ustar ustar -application/x-wais-source src -application/x400-bp -application/xhtml+xml xhtml xht -application/xslt+xml xslt -application/xml xml xsl -application/xml-dtd dtd -application/xml-external-parsed-entity -application/zip zip -audio/32kadpcm -audio/amr -audio/amr-wb -audio/basic au snd -audio/cn -audio/dat12 -audio/dsr-es201108 -audio/dvi4 -audio/evrc -audio/evrc0 -audio/g722 -audio/g.722.1 -audio/g723 -audio/g726-16 -audio/g726-24 -audio/g726-32 -audio/g726-40 -audio/g728 -audio/g729 -audio/g729D -audio/g729E -audio/gsm -audio/gsm-efr -audio/l8 -audio/l16 -audio/l20 -audio/l24 -audio/lpc -audio/midi mid midi kar -audio/mpa -audio/mpa-robust -audio/mp4a-latm -audio/mpeg mpga mp2 mp3 -audio/parityfec -audio/pcma -audio/pcmu -audio/prs.sid -audio/qcelp -audio/red -audio/smv -audio/smv0 -audio/telephone-event -audio/tone -audio/vdvi -audio/vnd.3gpp.iufp -audio/vnd.cisco.nse -audio/vnd.cns.anp1 -audio/vnd.cns.inf1 -audio/vnd.digital-winds -audio/vnd.everad.plj -audio/vnd.lucent.voice -audio/vnd.nortel.vbk -audio/vnd.nuera.ecelp4800 -audio/vnd.nuera.ecelp7470 -audio/vnd.nuera.ecelp9600 -audio/vnd.octel.sbc -audio/vnd.qcelp -audio/vnd.rhetorex.32kadpcm -audio/vnd.vmx.cvsd -audio/x-aiff aif aiff aifc -audio/x-alaw-basic -audio/x-mpegurl m3u -audio/x-pn-realaudio ram ra -audio/x-pn-realaudio-plugin -application/vnd.rn-realmedia rm -audio/x-wav wav -chemical/x-pdb pdb -chemical/x-xyz xyz -image/bmp bmp -image/cgm cgm -image/g3fax -image/gif gif -image/ief ief -image/jpeg jpeg jpg jpe -image/naplps -image/png png -image/prs.btif -image/prs.pti -image/svg+xml svg -image/t38 -image/tiff tiff tif -image/tiff-fx -image/vnd.cns.inf2 -image/vnd.djvu djvu djv -image/vnd.dwg -image/vnd.dxf -image/vnd.fastbidsheet -image/vnd.fpx -image/vnd.fst -image/vnd.fujixerox.edmics-mmr -image/vnd.fujixerox.edmics-rlc -image/vnd.globalgraphics.pgb -image/vnd.mix -image/vnd.ms-modi -image/vnd.net-fpx -image/vnd.svf -image/vnd.wap.wbmp wbmp -image/vnd.xiff -image/x-cmu-raster ras -image/x-icon ico -image/x-portable-anymap pnm -image/x-portable-bitmap pbm -image/x-portable-graymap pgm -image/x-portable-pixmap ppm -image/x-rgb rgb -image/x-xbitmap xbm -image/x-xpixmap xpm -image/x-xwindowdump xwd -message/delivery-status -message/disposition-notification -message/external-body -message/http -message/news -message/partial -message/rfc822 -message/s-http -message/sip -message/sipfrag -model/iges igs iges -model/mesh msh mesh silo -model/vnd.dwf -model/vnd.flatland.3dml -model/vnd.gdl -model/vnd.gs-gdl -model/vnd.gtw -model/vnd.mts -model/vnd.parasolid.transmit.binary -model/vnd.parasolid.transmit.text -model/vnd.vtu -model/vrml wrl vrml -multipart/alternative -multipart/appledouble -multipart/byteranges -multipart/digest -multipart/encrypted -multipart/form-data -multipart/header-set -multipart/mixed -multipart/parallel -multipart/related -multipart/report -multipart/signed -multipart/voice-message -text/calendar ics ifb -text/css css -text/directory -text/enriched -text/html html htm -text/parityfec -text/plain asc txt -text/prs.lines.tag -text/rfc822-headers -text/richtext rtx -text/rtf rtf -text/sgml sgml sgm -text/t140 -text/tab-separated-values tsv -text/uri-list -text/vnd.abc -text/vnd.curl -text/vnd.dmclientscript -text/vnd.fly -text/vnd.fmi.flexstor -text/vnd.in3d.3dml -text/vnd.in3d.spot -text/vnd.iptc.nitf -text/vnd.iptc.newsml -text/vnd.latex-z -text/vnd.motorola.reflex -text/vnd.ms-mediapackage -text/vnd.net2phone.commcenter.command -text/vnd.sun.j2me.app-descriptor -text/vnd.wap.si -text/vnd.wap.sl -text/vnd.wap.wml wml -text/vnd.wap.wmlscript wmls -text/x-setext etx -text/xml -text/xml-external-parsed-entity -video/bmpeg -video/bt656 -video/celb -video/dv -video/h261 -video/h263 -video/h263-1998 -video/h263-2000 -video/jpeg -video/mp1s -video/mp2p -video/mp2t -video/mp4v-es -video/mpv -video/mpeg mpeg mpg mpe -video/nv -video/parityfec -video/pointer -video/quicktime qt mov -video/smpte292m -video/vnd.fvt -video/vnd.motorola.video -video/vnd.motorola.videop -video/vnd.mpegurl mxu m4u -video/vnd.nokia.interleaved-multimedia -video/vnd.objectvideo -video/vnd.vivo -video/x-msvideo avi -video/x-sgi-movie movie -x-conference/x-cooltalk ice diff --git a/base/ra/apache/conf/nss.conf b/base/ra/apache/conf/nss.conf deleted file mode 100644 index 014a06c97..000000000 --- a/base/ra/apache/conf/nss.conf +++ /dev/null @@ -1,267 +0,0 @@ -# -# This is the Apache server configuration file providing SSL support using. -# the mod_nss plugin. It contains the configuration directives to instruct -# the server how to serve pages over an https connection. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# - -# -# When we also provide SSL we have to listen to the -# standard HTTP port (see above) and to the HTTPS port -# -# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two -# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443" -# -Listen [PKI_SECURE_PORT] - -Listen [NON_CLIENTAUTH_SECURE_PORT] - -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## - -# -# Some MIME-types for downloading Certificates and CRLs -# -AddType application/x-x509-ca-cert .crt -AddType application/x-pkcs7-crl .crl - -# Pass Phrase Dialog: -# Configure the pass phrase gathering process. -# The filtering dialog program (`builtin' is a internal -# terminal dialog) has to provide the pass phrase on stdout. -#NSSPassPhraseDialog builtin -NSSPassPhraseDialog defer:[PKI_INSTANCE_PATH]/conf/password.conf - - -# Pass Phrase Helper: -# This helper program stores the token password pins between -# restarts of Apache. -NSSPassPhraseHelper /usr/share/pki/ra/scripts/nss_pcache - -# Configure the SSL Session Cache. -# SSLSessionCacheSize is the number of entries in the cache. -# SSLSessionCacheTimeout is the SSL2 session timeout (in seconds). -# SSL3SessionCacheTimeout is the SSL3/TLS session timeout (in seconds). -NSSSessionCacheSize 10000 -NSSSessionCacheTimeout 100 -NSSSession3CacheTimeout 86400 - -## -## SSL Virtual Host Context -## - -<VirtualHost _default_:[PKI_SECURE_PORT]> - -# General setup for the virtual host -#DocumentRoot "/htdocs" -#ServerName [Server_Name]:[Secure_Port] -#ServerAdmin you@example.com - -# Configure OCSP checking of client certs - -#NSSOCSP on -#NSSOCSPDefaultResponder on - -# URL of the ocsp service -# -# Example of the built in ocsp service of the CS CA -# -#NSSOCSPDefaultURL http://localhost:9180/ca/ocsp - -# Nickname of ocsp signing cert -# -# Below is sufficient if using built in CS CA ocsp service -# If using outboard ocsp, make sure the cert listed below -# is imported into the local cert database. -# -#NSSOCSPDefaultName caCert - -# mod_ssl logs to separate log files, you can choose to do that if you'd like -ErrorLog [PKI_INSTANCE_PATH]/logs/error_log -TransferLog [PKI_INSTANCE_PATH]/logs/access_log - -# SSL Engine Switch: -# Enable/Disable SSL for this virtual host. -NSSEngine on - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_nss documentation for a complete list. -NSSCipherSuite -des,-desede3,-rc2,-rc2export,-rc4,-rc4export,+rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha,+ecdhe_ecdsa_aes_256_sha - -NSSProtocol SSLv3,TLSv1 - -# SSL Certificate Nickname: -# The nickname of the server certificate you are going to use. -NSSNickname "Server-Cert cert-[PKI_INSTANCE_NAME]" - -# Server Certificate Database: -# The NSS security database directory that holds the certificates and -# keys. The database consists of 3 files: cert8.db, key3.db and secmod.db. -# Provide the directory that these files exist. -NSSCertificateDatabase [PKI_INSTANCE_PATH]/alias - -# Client Authentication (Type): -# Client certificate verification type. Types are none, optional and -# require. -NSSVerifyClient require - -# Access Control: -# With SSLRequire you can do per-directory access control based -# on arbitrary complex boolean expressions containing server -# variable checks and other lookup directives. The syntax is a -# mixture between C and Perl. See the mod_nss documentation -# for more details. -#<Location /> -#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ -# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ -# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ -# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ -# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ -# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -#</Location> - -# SSL Engine Options: -# Set various options for the SSL engine. -# o FakeBasicAuth: -# Translate the client X.509 into a Basic Authorisation. This means that -# the standard Auth/DBMAuth methods can be used for access control. The -# user name is the `one line' version of the client's X.509 certificate. -# Note that no password is obtained from the user. Every entry in the user -# file needs this password: `xxj31ZMTZzkVA'. -# o ExportCertData: -# This exports two additional environment variables: SSL_CLIENT_CERT and -# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the -# server (always existing) and the client (only existing when client -# authentication is used). This can be used to import the certificates -# into CGI scripts. -# o StdEnvVars: -# This exports the standard SSL/TLS related `SSL_*' environment variables. -# Per default this exportation is switched off for performance reasons, -# because the extraction step is an expensive operation and is usually -# useless for serving static content. So one usually enables the -# exportation for CGI and SSI requests only. -# o StrictRequire: -# This denies access when "SSLRequireSSL" or "SSLRequire" applied even -# under a "Satisfy any" situation, i.e. when it applies access is denied -# and no other module can change it. -# o OptRenegotiate: -# This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. -#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire -<Files ~ "\.(cgi|shtml|phtml|php3?)$"> - NSSOptions +StdEnvVars +ExportCertData -</Files> -<Directory "/cgi-bin"> - NSSOptions +StdEnvVars -</Directory> - -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -#CustomLog [PKI_INSTANCE_PATH]/logs/ssl_request_log \ -# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - -</VirtualHost> - -<VirtualHost _default_:[NON_CLIENTAUTH_SECURE_PORT]> - -# General setup for the virtual host -#DocumentRoot "/htdocs" -#ServerName [Server_Name]:[Non_Clientauth_Secure_Port] -#ServerAdmin you@example.com - -# mod_ssl logs to separate log files, you can choose to do that if you'd like -ErrorLog [PKI_INSTANCE_PATH]/logs/error_log -TransferLog [PKI_INSTANCE_PATH]/logs/access_log - -# SSL Engine Switch: -# Enable/Disable SSL for this virtual host. -NSSEngine on - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_nss documentation for a complete list. -NSSCipherSuite -des,-desede3,-rc2,-rc2export,-rc4,-rc4export,+rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha,+ecdhe_ecdsa_aes_256_sha - -NSSProtocol SSLv3,TLSv1 - -# SSL Certificate Nickname: -# The nickname of the server certificate you are going to use. -NSSNickname "Server-Cert cert-[PKI_INSTANCE_NAME]" - -# Server Certificate Database: -# The NSS security database directory that holds the certificates and -# keys. The database consists of 3 files: cert8.db, key3.db and secmod.db. -# Provide the directory that these files exist. -NSSCertificateDatabase [PKI_INSTANCE_PATH]/alias - -# Client Authentication (Type): -# Client certificate verification type. Types are none, optional and -# require. -NSSVerifyClient none - -# Access Control: -# With SSLRequire you can do per-directory access control based -# on arbitrary complex boolean expressions containing server -# variable checks and other lookup directives. The syntax is a -# mixture between C and Perl. See the mod_nss documentation -# for more details. -#<Location /> -#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ -# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ -# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ -# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ -# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ -# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -#</Location> - -# SSL Engine Options: -# Set various options for the SSL engine. -# o FakeBasicAuth: -# Translate the client X.509 into a Basic Authorisation. This means that -# the standard Auth/DBMAuth methods can be used for access control. The -# user name is the `one line' version of the client's X.509 certificate. -# Note that no password is obtained from the user. Every entry in the user -# file needs this password: `xxj31ZMTZzkVA'. -# o ExportCertData: -# This exports two additional environment variables: SSL_CLIENT_CERT and -# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the -# server (always existing) and the client (only existing when client -# authentication is used). This can be used to import the certificates -# into CGI scripts. -# o StdEnvVars: -# This exports the standard SSL/TLS related `SSL_*' environment variables. -# Per default this exportation is switched off for performance reasons, -# because the extraction step is an expensive operation and is usually -# useless for serving static content. So one usually enables the -# exportation for CGI and SSI requests only. -# o StrictRequire: -# This denies access when "SSLRequireSSL" or "SSLRequire" applied even -# under a "Satisfy any" situation, i.e. when it applies access is denied -# and no other module can change it. -# o OptRenegotiate: -# This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. -#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire -<Files ~ "\.(cgi|shtml|phtml|php3?)$"> - NSSOptions +StdEnvVars +ExportCertData -</Files> -<Directory "/cgi-bin"> - NSSOptions +StdEnvVars -</Directory> - -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -#CustomLog [PKI_INSTANCE_PATH]/logs/ssl_request_log \ -# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - -</VirtualHost> diff --git a/base/ra/apache/conf/perl.conf b/base/ra/apache/conf/perl.conf deleted file mode 100644 index 259808e75..000000000 --- a/base/ra/apache/conf/perl.conf +++ /dev/null @@ -1,100 +0,0 @@ -# -# Mod_perl incorporates a Perl interpreter into the Apache web server, -# so that the Apache web server can directly execute Perl code. -# Mod_perl links the Perl runtime library into the Apache web server -# and provides an object-oriented Perl interface for Apache's C -# language API. The end result is a quicker CGI script turnaround -# process, since no external Perl interpreter has to be started. -# - -LoadModule perl_module [FORTITUDE_LIB_DIR]/modules/mod_perl.so - -# Uncomment this line to globally enable warnings, which will be -# written to the server's error log. Warnings should be enabled -# during the development process, but should be disabled on a -# production server as they affect performance. -# -#PerlWarn On - -# Uncomment this line to enable taint checking globally. When Perl is -# running in taint mode various checks are performed to reduce the -# risk of insecure data being passed to a subshell or being used to -# modify the filesystem. Unfortunatly many Perl modules are not -# taint-safe, so you should exercise care before enabling it on a -# production server. -# -#PerlTaintCheck On - -# This will allow execution of mod_perl to compile your scripts to -# subroutines which it will execute directly, avoiding the costly -# compile process for most requests. -# -#Alias /perl /var/www/perl -#<Directory /var/www/perl> -# SetHandler perl-script -# PerlResponseHandler ModPerl::Registry -# PerlOptions +ParseHeaders -# Options +ExecCGI -#</Directory> - -# This will allow remote server configuration reports, with the URL of -# http://servername/perl-status -# Change the ".your-domain.com" to match your domain to enable. -# -#PerlModule Apache::compat -#<Location /perl-status> -# SetHandler perl-script -# PerlResponseHandler Apache::Status -# Order deny,allow -# Deny from all -# Allow from .your-domain.com -#</Location> - -PerlModule ModPerl::Registry -PerlModule [FORTITUDE_APACHE]::compat -PerlModule PKI::RA::wizard -PerlSetEnv PKI_DOCROOT [PKI_INSTANCE_PATH]/docroot -PerlSetEnv PKI_ROOT [PKI_INSTANCE_PATH] -<Location /ra/admin/console/config/wizard> - SetHandler perl-script - PerlHandler PKI::RA::Wizard - Require all granted -</Location> - -<Location /ra/admin/console/config/login> - SetHandler perl-script - PerlHandler PKI::RA::Login - Require all granted -</Location> - -PerlModule ModPerl::PerlRun -Alias /ee/ [PKI_INSTANCE_PATH]/docroot/ee/ -<Location /ee/ > - SetHandler perl-script - PerlHandler ModPerl::PerlRun - Options Indexes ExecCGI - PerlSendHeader On -</Location> - -Alias /agent/ [PKI_INSTANCE_PATH]/docroot/agent/ -<Location /agent/ > - SetHandler perl-script - PerlHandler ModPerl::PerlRun - Options Indexes ExecCGI - PerlSendHeader On -</Location> - -Alias /admin/ [PKI_INSTANCE_PATH]/docroot/admin/ -<Location /admin/ > - SetHandler perl-script - PerlHandler ModPerl::PerlRun - Options Indexes ExecCGI - PerlSendHeader On -</Location> - -<Location /index.cgi > - SetHandler perl-script - PerlHandler ModPerl::PerlRun - Options Indexes ExecCGI - PerlSendHeader On -</Location> diff --git a/base/ra/apache/docroot/404.html b/base/ra/apache/docroot/404.html deleted file mode 100755 index 39997a669..000000000 --- a/base/ra/apache/docroot/404.html +++ /dev/null @@ -1,146 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2009 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> -<script language=javascript> -var url = document.URL; -var protocol = location.protocol; -var hostname = location.hostname; -var port = location.port; -</script> - -<head> -<title>RA 404 Error!</title> -<!-- always expand ALL relative paths --> -<script language=javascript> -document.write('<link rel="shortcut icon" href="'); -document.write(protocol); -document.write('//'); -document.write(hostname); -document.write(':'); -document.write(port); -document.write('/pki/images/favicon.ico'); -document.write('" />'); -document.write('<link rel="stylesheet" href="'); -document.write(protocol); -document.write('//'); -document.write(hostname); -document.write(':'); -document.write(port); -document.write('/pki/css/pki-base.css'); -document.write('" type="text/css" />'); -document.write('<META http-equiv=Content-Type content="text/html; charset=UTF-8">'); -</script> -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> -<div id="header"> -<!-- always expand ALL relative paths --> -<script language=javascript> -document.write('<a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="'); -document.write(protocol); -document.write('//'); -document.write(hostname); -document.write(':'); -document.write(port); -document.write('/pki/images/logo_header.gif'); -document.write('" alt="Dogtag" id="myLogo" /></a>'); -</script> - <div id="headertitle"> - <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">®</font></sup> Certificate System</a> - </div> - <div id="account"> - <dl><dt><span></span></dt><dd></dd></dl> - </div> -</div> - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -Certificate System RA Error Page -</font><br> -<p> -</font> -<p> -<script language=javascript> -document.write('<center>'); -document.write('<table border="1" cellspacing="0" cellpadding="0">'); -document.write('<tr valign="TOP">'); -document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">HTTP STATUS</font></b></td>'); -document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">DESCRIPTION</font></b></td>'); -document.write('</tr>'); -document.write('<tr valign="TOP">'); -document.write('<td align="center"><b><font size="+3" color="red">'); -document.write('404'); -document.write('</font></b></td>'); -document.write('<td><b><font size="+1" color="RED">'); -document.write('The requested resource could not be found but may be available again in the future.'); -document.write('</font></b><br><b><font size="+1" color="RED">'); -document.write('Please check the validity of the URL listed below:'); -document.write('</font></b><br><br>'); -document.write('<center><b><font size="+1"><a href="'); -document.write(url); -document.write('">'); -document.write(url); -document.write('</a>'); -document.write('</font></b></center><br></td>'); -document.write('</tr>'); -document.write('</table>'); -document.write('</center>'); -</script> -<div id="footer"> -</div> -<!-- -To prevent Internet Explorer from overriding the display of this custom error -page by displaying it's own "Friendly HTTP Error Message", always include the -following 'padding' to ensure that the text size exceeds 512 bytes: - -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] ---> -</body> -</html> - diff --git a/base/ra/apache/docroot/500.html b/base/ra/apache/docroot/500.html deleted file mode 100755 index 2d560a684..000000000 --- a/base/ra/apache/docroot/500.html +++ /dev/null @@ -1,139 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2009 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> -<script language=javascript> -var url = document.URL; -var protocol = location.protocol; -var hostname = location.hostname; -var port = location.port; -</script> - -<head> -<title>RA 500 Error!</title> -<!-- always expand ALL relative paths --> -<script language=javascript> -document.write('<link rel="shortcut icon" href="'); -document.write(protocol); -document.write('//'); -document.write(hostname); -document.write(':'); -document.write(port); -document.write('/pki/images/favicon.ico'); -document.write('" />'); -document.write('<link rel="stylesheet" href="'); -document.write(protocol); -document.write('//'); -document.write(hostname); -document.write(':'); -document.write(port); -document.write('/pki/css/pki-base.css'); -document.write('" type="text/css" />'); -document.write('<META http-equiv=Content-Type content="text/html; charset=UTF-8">'); -</script> -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> -<div id="header"> -<!-- always expand ALL relative paths --> -<script language=javascript> -document.write('<a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="'); -document.write(protocol); -document.write('//'); -document.write(hostname); -document.write(':'); -document.write(port); -document.write('/pki/images/logo_header.gif'); -document.write('" alt="Dogtag" id="myLogo" /></a>'); -</script> - <div id="headertitle"> - <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">®</font></sup> Certificate System</a> - </div> - <div id="account"> - <dl><dt><span></span></dt><dd></dd></dl> - </div> -</div> - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -Certificate System RA Error Page -</font><br> -<p> -</font> -<p> -<script language=javascript> -document.write('<center>'); -document.write('<table border="1" cellspacing="0" cellpadding="0">'); -document.write('<tr valign="TOP">'); -document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">HTTP STATUS</font></b></td>'); -document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">DESCRIPTION</font></b></td>'); -document.write('</tr>'); -document.write('<tr valign="TOP">'); -document.write('<td align="center"><b><font size="+3" color="red">'); -document.write('500'); -document.write('</font></b></td>'); -document.write('<td><b><font size="+1" color="RED">'); -document.write('The server encountered an unexpected condition which prevented it from fulfilling the request.<br>'); -document.write('Please consult your local administrator for further assistance. The Certificate System logs may provide further information.'); -document.write('</font></b><br></td>'); -document.write('</tr>'); -document.write('</table>'); -document.write('</center>'); -</script> -<div id="footer"> -</div> -<!-- -To prevent Internet Explorer from overriding the display of this custom error -page by displaying it's own "Friendly HTTP Error Message", always include the -following 'padding' to ensure that the text size exceeds 512 bytes: - -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] ---> -</body> -</html> - diff --git a/base/ra/apache/docroot/admin/group/add.cgi b/base/ra/apache/docroot/admin/group/add.cgi deleted file mode 100755 index 212330d0d..000000000 --- a/base/ra/apache/docroot/admin/group/add.cgi +++ /dev/null @@ -1,86 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $gid = $util->get_val($q->param('gid')); - my $name = $util->get_val($q->param('name')); - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - my $ref = $store->read_group($gid); - if (defined($ref)) { - # gid used - print $q->redirect("/admin/group/add_new.cgi?error=exist"); - return; - } - my $ref = $store->add_group($gid, $name); - $store->close(); - - print $q->redirect("/admin/group/index.cgi"); -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/group/add_member.cgi b/base/ra/apache/docroot/admin/group/add_member.cgi deleted file mode 100755 index d60fe965e..000000000 --- a/base/ra/apache/docroot/admin/group/add_member.cgi +++ /dev/null @@ -1,80 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Request::Queue; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $gid = $util->get_val($q->param('gid')); - my $userid = $util->get_val($q->param('uid')); - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - $store->add_user_to_group($gid, $userid); - $store->close(); - - print $q->redirect("/admin/group/read.cgi?gid=" . $gid); -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/group/add_new.cgi b/base/ra/apache/docroot/admin/group/add_new.cgi deleted file mode 100755 index 5a1ca7eda..000000000 --- a/base/ra/apache/docroot/admin/group/add_new.cgi +++ /dev/null @@ -1,86 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - my $error = $q->param('error'); - $context{error} = $util->html_encode($error); - - my $result = $parser->execute_file_with_context("admin/group/add_new.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/group/add_new.vm b/base/ra/apache/docroot/admin/group/add_new.vm deleted file mode 100644 index e9fac77b8..000000000 --- a/base/ra/apache/docroot/admin/group/add_new.vm +++ /dev/null @@ -1,83 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Add New Group</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/admin/index.cgi">Administrator Interface</a> -</font><br> -<p> -#if ($error == 'exist') -<font color=red>Group already exists</font> -<p> -#end -<center> -<form name="add_new_form" method=post action="add.cgi"> -<table> -<tr> - <td><b>GID</b></td> - <td><input type=text name="gid" value=""></td> -</tr> -<tr> - <td><b>Name</b></td> - <td><input type=text name="name" value=""></td> -</tr> -</table> -</form> -<a href="#" onclick="document.add_new_form.submit();">Add Group</a> -</center> -<p> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/admin/group/delete.cgi b/base/ra/apache/docroot/admin/group/delete.cgi deleted file mode 100755 index 5fb1f22ce..000000000 --- a/base/ra/apache/docroot/admin/group/delete.cgi +++ /dev/null @@ -1,79 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $gid = $util->get_val($q->param('gid')); - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - $store->delete_group($gid); - $store->close(); - - print $q->redirect("/admin/group/index.cgi"); -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/group/delete_member.cgi b/base/ra/apache/docroot/admin/group/delete_member.cgi deleted file mode 100755 index 2e516eeee..000000000 --- a/base/ra/apache/docroot/admin/group/delete_member.cgi +++ /dev/null @@ -1,79 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $gid = $util->get_val($q->param('gid')); - my $userid = $util->get_val($q->param('uid')); - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - $store->delete_user_from_group($gid, $userid); - $store->close(); - - print $q->redirect("/admin/group/read.cgi?gid=" . $gid); -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/group/index.cgi b/base/ra/apache/docroot/admin/group/index.cgi deleted file mode 100755 index 07dc653e6..000000000 --- a/base/ra/apache/docroot/admin/group/index.cgi +++ /dev/null @@ -1,115 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; -use Encode; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - - my $util = PKI::Base::Util->new(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $sp = $util->get_alphanum_val($q->param('sp')); - if ($sp eq "") { - $sp = "0"; - } - $context{sp} = $sp; - my $mc = $util->get_alphanum_val($q->param('mc')); - if ($mc eq "") { - $mc = "20"; - } - $context{mc} = $mc; - $context{pp} = $sp - $mc; # previous pos (for paging) - $context{np} = $sp + $mc; # next pos (for paging) - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - my @groups = $store->list_groups($sp, $mc); - $store->close(); - - my @r; - my $i = 0; - foreach my $group (@groups) { - $r[$i] = new PKI::RA::GlobalVar( - getGID => sub { return $util->html_encode(Encode::decode('UTF-8', $group->{'gid'})) }, - getName => sub { return $util->html_encode(Encode::decode('UTF-8', $group->{'name'})) }, - ); - $i++; - } - $context{rows} = \@r; - - my $result = $parser->execute_file_with_context("admin/group/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/group/index.vm b/base/ra/apache/docroot/admin/group/index.vm deleted file mode 100644 index d19cacd2d..000000000 --- a/base/ra/apache/docroot/admin/group/index.vm +++ /dev/null @@ -1,81 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA Admin</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/admin/index.cgi">Administrator Interface</a> -</font><br> -<p> -<a href="add_new.cgi">Add New Group</a> -<p> -<center> -<table border="1" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> -<td><b>GID</b></td> -<td><b>Name</b></td> -</tr> -#foreach($r in $rows) -<tr valign="TOP"> -<td><a href="read.cgi?gid=$r.getGID()">$r.getGID()</a></td> -<td>$r.getName()</td> -</tr> -#end -</table> -</center> -<p> -<a href="index.cgi?sp=$pp&mc=$mc">Previous</a> | <a href="index.cgi?sp=$np&mc=$mc">Next</a> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/admin/group/read.cgi b/base/ra/apache/docroot/admin/group/read.cgi deleted file mode 100755 index 9ede3aa53..000000000 --- a/base/ra/apache/docroot/admin/group/read.cgi +++ /dev/null @@ -1,125 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; -use Encode; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $gid = $util->get_val($q->param('gid')); - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - my $ref = $store->read_group($gid); - - $context{gid} = $util->html_encode(Encode::decode('UTF-8', $ref->{'gid'})); - $context{name} = $util->html_encode(Encode::decode('UTF-8', $ref->{'name'})); - - my @members = $store->list_all_members($gid); - my @users = $store->list_all_non_members($gid); - $store->close(); - - # new member in the group - my @r; - my $i = 0; - foreach my $member (@members) { - $r[$i] = new PKI::RA::GlobalVar( - getUID => sub { return $util->html_encode($member->{'uid'}) }, - ); - $i++; - } - $context{members} = \@r; - - # read users - my @u; - $i = 0; - foreach my $user (@users) { - $u[$i] = new PKI::RA::GlobalVar( - getUID => sub { return $util->html_encode($user->{'uid'}) }, - ); - $i++; - } - if ($i == 0) { - $context{non_member_exists} = 0; - } else { - $context{non_member_exists} = 1; - } - $context{users} = \@u; - - my $result = $parser->execute_file_with_context("admin/group/read.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/group/read.vm b/base/ra/apache/docroot/admin/group/read.vm deleted file mode 100644 index 9aa8c8e1f..000000000 --- a/base/ra/apache/docroot/admin/group/read.vm +++ /dev/null @@ -1,104 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Groups</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/admin/index.cgi">Administrator Interface</a> -</font><br> -<p> -<center> -<table border="1" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> - <td><b>GID</b></td> - <td>$gid</td> -</tr> -<tr valign="TOP"> - <td><b>Name</b></td> - <td>$name</td> -</tr> -</table> -</center> -<p> -<a href="delete.cgi?gid=$gid">Delete This Group</a> -<p> ------------------------------------------------ -<br/> -<b>Members</b> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -#foreach($r in $members) -<tr valign="TOP"> -<td><a href="../user/read.cgi?uid=$r.getUID()">$r.getUID()</a> <a href="delete_member.cgi?gid=$gid&uid=$r.getUID()">[Delete]</a></td> -</tr> -#end -</table> -</center> -<br/> ------------------------------------------------ -<br/> -#if ($non_member_exists) -<b>New Member</b> -<form name=new_member_form method=post action="add_member.cgi"> -<input type=hidden name=gid value="$gid"> -<select name=uid> -#foreach ($u in $users) - <option value="$u.getUID()">$u.getUID()</option> -#end -</select> <a href="#" onclick="document.new_member_form.submit();">Add</a> -</form> -#end -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/admin/index.cgi b/base/ra/apache/docroot/admin/index.cgi deleted file mode 100755 index 2db7b2500..000000000 --- a/base/ra/apache/docroot/admin/index.cgi +++ /dev/null @@ -1,80 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::UserStore; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/agent/error.cgi?error=Authentication%20Error"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $uid; - - my $result = $parser->execute_file_with_context("admin/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/index.vm b/base/ra/apache/docroot/admin/index.vm deleted file mode 100644 index c6add6e6a..000000000 --- a/base/ra/apache/docroot/admin/index.vm +++ /dev/null @@ -1,95 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA Admin</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -RA Admin Services -</font><br> -<p> -<center> -<table border="0" cellspacing="0" cellpadding="0"> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/admin/user/index.cgi">List Users</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/admin/user/add_new.cgi">Add New User</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/admin/group/index.cgi">List Groups</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/admin/group/add_new.cgi">Add New Group</a></li> -</font> -</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/admin/user/add.cgi b/base/ra/apache/docroot/admin/user/add.cgi deleted file mode 100755 index 94c4bae81..000000000 --- a/base/ra/apache/docroot/admin/user/add.cgi +++ /dev/null @@ -1,99 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $uid; - - my $userid = $util->get_val($q->param('uid')); - my $name = $util->get_val($q->param('name')); - my $email = $util->get_val($q->param('email')); - my $certificate = $util->get_val($q->param('certificate')); - - if ($certificate =~ /BEGIN CERTIFICATE/ || - $certificate =~ /END CERTIFICATE/) { - # do nothing - } else { - print $q->redirect("/admin/user/add_new.cgi?error=cert_header"); - return; - } - $certificate =~ s/-----BEGIN CERTIFICATE-----//g; - $certificate =~ s/-----END CERTIFICATE-----//g; - $certificate =~ s/[\r\n]//g; - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - my $ref = $store->read_user($userid); - if (defined($ref)) { - # uid used - print $q->redirect("/admin/user/add_new.cgi?error=exist"); - return; - } - my $ref = $store->add_user($userid, $name, $email, $certificate); - $store->close(); - - print $q->redirect("/admin/user/index.cgi"); -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/user/add_new.cgi b/base/ra/apache/docroot/admin/user/add_new.cgi deleted file mode 100755 index 8bfbd0e9e..000000000 --- a/base/ra/apache/docroot/admin/user/add_new.cgi +++ /dev/null @@ -1,87 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $uid; - - my $error = $util->get_val($q->param('error')); - $context{error} = $error; - - my $result = $parser->execute_file_with_context("admin/user/add_new.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/user/add_new.vm b/base/ra/apache/docroot/admin/user/add_new.vm deleted file mode 100644 index 4d90d4840..000000000 --- a/base/ra/apache/docroot/admin/user/add_new.vm +++ /dev/null @@ -1,95 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Add New User</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/admin/index.cgi">Administrator Interface</a> -</font><br> -<p> -#if ($error == 'exist') -<font color=red>User already exists</font> -<p> -#end -#if ($error == 'cert_header') -<font color=red>Invalid Certificate header</font> -<p> -#end -<center> -<form name="add_new_form" method=post action="add.cgi"> -<table> -<tr> - <td><b>UID</b></td> - <td><input type=text name="uid" value=""></td> -</tr> -<tr> - <td><b>Name</b></td> - <td><input type=text name="name" value=""></td> -</tr> -<tr> - <td><b>Email</b></td> - <td><input type=text name="email" value=""></td> -</tr> -<tr> - <td><b>Certificate</b></td> - <td><textarea name=certificate></textarea></td> -</tr> -</table> -</form> -<a href="#" onclick="document.add_new_form.submit();">Add User</a> -</center> -<p> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/admin/user/delete.cgi b/base/ra/apache/docroot/admin/user/delete.cgi deleted file mode 100755 index 707035edb..000000000 --- a/base/ra/apache/docroot/admin/user/delete.cgi +++ /dev/null @@ -1,79 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $cfg = PKI::Base::Registry->get_config(); - - my $util = PKI::Base::Util->new(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $uid; - - my $userid = $util->get_val($q->param('uid')); - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - $store->delete_user($userid); - $store->close(); - - print $q->redirect("/admin/user/index.cgi"); -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/user/index.cgi b/base/ra/apache/docroot/admin/user/index.cgi deleted file mode 100755 index c845ae1dc..000000000 --- a/base/ra/apache/docroot/admin/user/index.cgi +++ /dev/null @@ -1,118 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; -use Encode; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my $util = PKI::Base::Util->new(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $uid; - - my $status = $util->get_alphanum_val($q->param('status')); - $context{status} = $status; - - my $sp = $util->get_alphanum_val($q->param('sp')); - if ($sp eq "") { - $sp = "0"; - } - $context{sp} = $sp; - my $mc = $util->get_alphanum_val($q->param('mc')); - if ($mc eq "") { - $mc = "20"; - } - $context{mc} = $mc; - $context{pp} = $sp - $mc; # previous pos (for paging) - $context{np} = $sp + $mc; # next pos (for paging) - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - my @users = $store->list_users($sp, $mc); - $store->close(); - - my @r; - my $i = 0; - foreach my $user (@users) { - $r[$i] = new PKI::RA::GlobalVar( - getUID => sub { return $util->html_encode($user->{'uid'}) }, - getName => sub { return $util->html_encode(Encode::decode('UTF-8',$user->{'name'})) }, - getEmail => sub { return $util->html_encode($user->{'email'}) }, - ); - $i++; - } - $context{rows} = \@r; - - my $result = $parser->execute_file_with_context("admin/user/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/user/index.vm b/base/ra/apache/docroot/admin/user/index.vm deleted file mode 100644 index 7262561f6..000000000 --- a/base/ra/apache/docroot/admin/user/index.vm +++ /dev/null @@ -1,83 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA Admin</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/admin/index.cgi">Administrator Interface</a> -</font><br> -<p> -<a href="add_new.cgi">Add New User</a> -<p> -<center> -<table border="1" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> -<td><b>UID</b></td> -<td><b>Name</b></td> -<td><b>Email</b></td> -</tr> -#foreach($r in $rows) -<tr valign="TOP"> -<td><a href="read.cgi?uid=$r.getUID()">$r.getUID()</a></td> -<td>$r.getName()</td> -<td>$r.getEmail()</td> -</tr> -#end -</table> -</center> -<p> -<a href="index.cgi?status=$status&sp=$pp&mc=$mc">Previous</a> | <a href="index.cgi?status=$status&sp=$np&mc=$mc">Next</a> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/admin/user/read.cgi b/base/ra/apache/docroot/admin/user/read.cgi deleted file mode 100755 index 08d2fd3f7..000000000 --- a/base/ra/apache/docroot/admin/user/read.cgi +++ /dev/null @@ -1,97 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Request::Queue; -use Encode; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $uid; - - my $userid = $util->get_val($q->param('uid')); - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - my $ref = $store->read_user($userid); - $store->close(); - - $context{userid} = $util->html_encode($ref->{'uid'}); - $context{name} = $util->html_encode(Encode::decode('UTF-8', $ref->{'name'})); - $context{email} = $util->html_encode($ref->{'email'}); - $context{certificate} = $util->breakline($util->html_encode($ref->{'certificate'}),40); - - my $result = $parser->execute_file_with_context("admin/user/read.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/user/read.vm b/base/ra/apache/docroot/admin/user/read.vm deleted file mode 100644 index 354d9881f..000000000 --- a/base/ra/apache/docroot/admin/user/read.vm +++ /dev/null @@ -1,88 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Users</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/admin/index.cgi">Administrator Interface</a> -</font><br> -<p> -</font> -<p> -<center> -<table border="1" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> - <td><b>UID</b></td> - <td>$userid</td> -</tr> -<tr valign="TOP"> - <td><b>Name</b></td> - <td>$name</td> -</tr> -<tr valign="TOP"> - <td><b>Email</b></td> - <td>$email</td> -</tr> -<tr valign="TOP"> - <td><b>Certificate</b></td> - <td>$certificate</td> -</tr> -</table> -</center> -<p> -<a href="delete.cgi?uid=$userid">[Delete]</a> -<p> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/agent/cert/index.cgi b/base/ra/apache/docroot/agent/cert/index.cgi deleted file mode 100755 index 46e5b8c2c..000000000 --- a/base/ra/apache/docroot/agent/cert/index.cgi +++ /dev/null @@ -1,119 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Base::CertStore; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->agent_auth($cfg)) { - print $q->redirect("/agent/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my @roles = $self->get_current_roles($cfg); - my $r = join(",",@roles); - - my $sp = $util->get_alphanum_val($q->param('sp')); - if ($sp eq "") { - $sp = "0"; - } - $context{sp} = $sp; - my $mc = $util->get_alphanum_val($q->param('mc')); - if ($mc eq "") { - $mc = "20"; - } - $context{mc} = $mc; - $context{pp} = $sp - $mc; # previous pos (for paging) - $context{np} = $sp + $mc; # next pos (for paging) - - my $cs = PKI::Base::CertStore->new(); - $cs->open($cfg); - my @certs = $cs->list_certs_by_approver($uid, $sp, $mc); - $cs->close(); - - my @r; - my $i = 0; - foreach my $cert (@certs) { - $r[$i] = new PKI::RA::GlobalVar( - getReqId => sub { return $util->html_encode($cert->{'rid'}) }, - getSerialno => sub { return $util->html_encode($cert->{'serialno'}) }, - getSubjectDN => sub { return $util->html_encode($cert->{'subject_dn'}) }, - getCertificate => sub { return $util->html_encode($cert->{'certificate'}) }, - getApprovedBy => sub { return $util->html_encode($cert->{'approved_by'}) }, - getCreatedAt => sub { return $util->html_encode($cert->{'created_at'}); }, - ); - $i++; - } - $context{rows} = \@r; - - my $result = $parser->execute_file_with_context("agent/cert/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/agent/cert/index.vm b/base/ra/apache/docroot/agent/cert/index.vm deleted file mode 100644 index f9229b0f9..000000000 --- a/base/ra/apache/docroot/agent/cert/index.vm +++ /dev/null @@ -1,86 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA Agent</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/agent/index.cgi">Agent Interface</a> -<br>List Certificates Approved by: $uid -</font><br> -<p> -<center> -<table border="1" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> -<td><b>Serial#</b></td> -<td><b>Request ID</b></td> -<td><b>Subject DN</b></td> -<td><b>Approved By</b></td> -<td><b>Created At</b></td> -</tr> -#foreach($r in $rows) -<tr valign="TOP"> -<td><a href="read.cgi?serialno=$r.getSerialno()">$r.getSerialno()</a></td> -<td><a href="/agent/request/read.cgi?id=$r.getReqId()">$r.getReqId()</a></td> -<td>$r.getSubjectDN()</td> -<td>$r.getApprovedBy()</td> -<td>$r.getCreatedAt()</td> -</tr> -#end -</table> -</center> -<p> -<a href="index.cgi?sp=$pp&mc=$mc">Previous</a> | <a href="index.cgi?sp=$np&mc=$mc">Next</a> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/agent/cert/read.cgi b/base/ra/apache/docroot/agent/cert/read.cgi deleted file mode 100755 index f434baedb..000000000 --- a/base/ra/apache/docroot/agent/cert/read.cgi +++ /dev/null @@ -1,104 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Conn::CA; -use Encode; -use vars qw (@ISA); -use PKI::Service::Op; - -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - $self->debug_params($cfg, $q); - - if (!$self->agent_auth($cfg)) { - print $q->redirect("/agent/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $serialno = $util->get_alphanum_val($q->param('serialno')); - - my $cs = PKI::Base::CertStore->new(); - $cs->open($cfg); - my $ref = $cs->read_certificate_by_approver($uid, $serialno); - $cs->close(); - - my $ca = PKI::Conn::CA->new(); - $ca->open($cfg); - my $certStatus = $ca->getCertStatus("ca1", $serialno); - $ca->close(); - - - $context{certificate} = $util->breakline($util->html_encode($ref->{'certificate'}), 40); - - $context{serialno} = $util->html_encode($ref->{'serialno'}); - $context{subject_dn} = $util->html_encode(Encode::decode('UTF-8', $ref->{'subject_dn'})); - $context{created_at} = $util->html_encode($ref->{'created_at'}); - $context{approved_by} = $util->html_encode($ref->{'approved_by'}); - $context{rid} = $util->html_encode($ref->{'rid'}); - $context{certStatus} = $util->html_encode($certStatus); - - my $result = $parser->execute_file_with_context("agent/cert/read.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/agent/cert/read.vm b/base/ra/apache/docroot/agent/cert/read.vm deleted file mode 100644 index 43c78ffa4..000000000 --- a/base/ra/apache/docroot/agent/cert/read.vm +++ /dev/null @@ -1,96 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Certificates</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/agent/index.cgi">Agent Interface</a> -<br>Certificate Information -</font><br> -<p> -</font> -<center> -<table border="1" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> -<td><b>Serial Number</b></td> -<td><a href="read.cgi?serialno=$serialno">$serialno</a></td> -</tr> -<tr valign="TOP"> -<td><b>Subject DN</b></td> -<td>$subject_dn</td> -</tr> -<tr valign="TOP"> -<td><b>Certificate</b></td> -<td>$certificate</td> -</tr> -<tr valign="TOP"> -<td><b>Approved By</b></td> -<td>$approved_by</td> -</tr> -<tr valign="TOP"> -<td><b>Created At</b></td> -<td>$created_at</td> -</tr> -<tr valign="TOP"> -<td><b>Revocation Status</b></td> -<td>$certStatus</td> -</tr> -</table> -</center> -<br/> -<a href="/agent/cert/revoke.cgi?rid=$rid&serialno=$serialno&subject_dn=$subject_dn">Revoke</a> -<br/> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/agent/cert/revoke.cgi b/base/ra/apache/docroot/agent/cert/revoke.cgi deleted file mode 100755 index 1e483aea0..000000000 --- a/base/ra/apache/docroot/agent/cert/revoke.cgi +++ /dev/null @@ -1,89 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Registry; -use PKI::Base::Util; -use Encode; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - $self->debug_params($cfg, $q); - - if (!$self->agent_auth($cfg)) { - print $q->redirect("/agent/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $serialno = $util->get_alphanum_val($q->param('serialno')); - my $subject_dn = $util->get_val($q->param('subject_dn')); - my $rid = $util->get_alphanum_val($q->param('rid')); - - $context{serialno} = $util->html_encode($serialno); - $context{subject_dn} = $util->html_encode(Encode::decode('UTF-8',$subject_dn)); - $context{rid} = $util->html_encode($rid); - - my $result = $parser->execute_file_with_context("agent/cert/revoke.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/agent/cert/revoke.vm b/base/ra/apache/docroot/agent/cert/revoke.vm deleted file mode 100644 index 626bbed42..000000000 --- a/base/ra/apache/docroot/agent/cert/revoke.vm +++ /dev/null @@ -1,111 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Certificate Revocation</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/agent/index.cgi">Agent Interface</a> -<br>Revoking Certificate: -</font><br> -<p> -</font> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> -<td><b>Serial Number:</b></td> -<td>$serialno</td> -</tr> -<tr valign="TOP"> -<td><b>Subject DN:</b></td> -<td>$subject_dn</td> -</tr> -</table> -<br> -<b>Select A Reason:</b> -</br> -<table> -<form name=reason_form method=post action=submit.cgi> -<input type=hidden name=serialno value="$serialno"> -<input type=hidden name=subject_dn value="$subject_dn"> -<input type=hidden name=rid value="$rid"> -<tr> -<td><input checked type=radio name="reason" value="0">Unspecified</td> -</tr> -<tr> -<td><input type=radio name="reason" value="1">Key compromised</td> -</tr> -<tr> -<td><input type=radio name="reason" value="2">CA key compromised</td> -</tr> -<tr> -<td><input type=radio name="reason" value="3">Affiliation changed</td> -</tr> -<tr> -<td><input type=radio name="reason" value="4">Certificate superseded</td> -</tr> -<tr> -<td><input type=radio name="reason" value="5">Cessation of operation</td> -</tr> -<tr> -<td><input type=radio name="reason" value="6">Certificate is on hold</td> -</tr> -</form> -</table> -</center> -<br/> -<a href="#" onclick="document.reason_form.submit();">Submit</a> -<br/> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/agent/cert/submit.cgi b/base/ra/apache/docroot/agent/cert/submit.cgi deleted file mode 100755 index 571385f3a..000000000 --- a/base/ra/apache/docroot/agent/cert/submit.cgi +++ /dev/null @@ -1,104 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Conn::CA; -use Encode; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->agent_auth($cfg)) { - print $q->redirect("/agent/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $serialno = $util->get_alphanum_val($q->param('serialno')); - my $subject_dn = $util->get_val($q->param('subject_dn')); - my $reason = $util->get_alphanum_val($q->param('reason')); - my $rid = $util->get_alphanum_val($q->param('rid')); - - my $ca = PKI::Conn::CA->new(); - $ca->open($cfg); - $ca->revoke($rid, "ca1", $serialno, $reason); - $ca->close(); - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - - my $ref = $queue->read_request($rid); - $context{errorString} = $util->html_encode($ref->{'errorString'}); - $queue->close(); - - $context{rid} = $util->html_encode($rid); - $context{serialno} = $util->html_encode($serialno); - $context{subject_dn} = $util->html_encode(Encode::decode('UTF-8', $subject_dn)); - - my $result = $parser->execute_file_with_context("agent/cert/submit.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/agent/cert/submit.vm b/base/ra/apache/docroot/agent/cert/submit.vm deleted file mode 100644 index 730228715..000000000 --- a/base/ra/apache/docroot/agent/cert/submit.vm +++ /dev/null @@ -1,91 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Certificate Revocation Submission</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/agent/index.cgi">Agent Interface</a> -<br>Revocation of Certificate: -</font><br> -<p> -</font> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> -<td><b>Serial Number:</b></td> -<td>$serialno</td> -</tr> -<tr valign="TOP"> -<td><b>Subject DN:</b></td> -<td>$subject_dn</td> -</tr> -<tr> -<td><b>Result:</b></td> -#if ($errorString == "0") -<td>Revoked</td> -#else -<td>Failed: $errorString</td> -#end -</tr> -<tr> -<td><b>Request ID:</b></td> -<td><a href="/agent/request/read.cgi?id=$rid">$rid</a></td> -</tr> -</table> -<br> -</center> -<br/> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/agent/error.cgi b/base/ra/apache/docroot/agent/error.cgi deleted file mode 100755 index fa13365a7..000000000 --- a/base/ra/apache/docroot/agent/error.cgi +++ /dev/null @@ -1,81 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::UserStore; -use PKI::Base::Util; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $util = PKI::Base::Util->new(); - - my $error = $util->get_val($q->param('error')); - - my %context; - if ($error ne "") { - $context{has_error} = 1; - $context{'error'} = $util->html_encode($error); - } - - my $result = $parser->execute_file_with_context("agent/error.vm", \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/agent/error.vm b/base/ra/apache/docroot/agent/error.vm deleted file mode 100644 index dbe65cb58..000000000 --- a/base/ra/apache/docroot/agent/error.vm +++ /dev/null @@ -1,72 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA Agent Error!</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -Agent Interface -</font><br> -<p> -</font> -<p> -<center> -You are not authorized to access the requested page. -<br> -#if ($has_error) - Error: $error -#end -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/agent/index.cgi b/base/ra/apache/docroot/agent/index.cgi deleted file mode 100755 index c8f2040fe..000000000 --- a/base/ra/apache/docroot/agent/index.cgi +++ /dev/null @@ -1,83 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::UserStore; -use PKI::Base::Registry; -use PKI::Base::Util; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->agent_auth($cfg)) { - print $q->redirect("/agent/error.cgi?error=Authentication%20Error"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $result = $parser->execute_file_with_context("agent/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/agent/index.vm b/base/ra/apache/docroot/agent/index.vm deleted file mode 100644 index 5bd952ba2..000000000 --- a/base/ra/apache/docroot/agent/index.vm +++ /dev/null @@ -1,81 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA Agent</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -RA Agent Services -</font><br> -<p> -<center> -<table border="0" cellspacing="0" cellpadding="0"> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/agent/request/index.cgi">List Requests</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/agent/cert/index.cgi">List Certificates</a></li> -</font> -</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/agent/request/add_note.cgi b/base/ra/apache/docroot/agent/request/add_note.cgi deleted file mode 100755 index 0ffac91c7..000000000 --- a/base/ra/apache/docroot/agent/request/add_note.cgi +++ /dev/null @@ -1,93 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Request::Queue; -use PKI::Base::TimeTool; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->agent_auth($cfg)) { - print $q->redirect("/agent/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $id = $util->get_alphanum_val($q->param('id')); - my $note = $util->get_val($q->param('note')); - - if ($note eq "") { - # dont add anything - print $q->redirect("/agent/request/read.cgi?id=" . $id); - return; - } - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - my $new_note = "==== Note created by $uid at $now ====\n" . - $note . "\n"; - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $ref = $queue->read_request($id); - $queue->set_request($id, "note", $ref->{'note'} . $new_note); - $queue->close(); - - print $q->redirect("/agent/request/read.cgi?id=" . $id); -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/agent/request/index.cgi b/base/ra/apache/docroot/agent/request/index.cgi deleted file mode 100755 index 81b25977a..000000000 --- a/base/ra/apache/docroot/agent/request/index.cgi +++ /dev/null @@ -1,146 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Request::Queue; -use PKI::Service::Op; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->agent_auth($cfg)) { - print $q->redirect("/agent/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - $self->debug_log( $cfg, "in request/index.cgi, uid == $uid"); - - my %context; - $context{uid} = $util->html_encode($uid); - - my @roles = $self->get_current_roles($cfg); -# my $r = join(",",@roles); - - my $status = $util->get_alphanum_val($q->param('status')); - if ($status eq "") { - $context{status} = ""; - } else { - $context{status} = $util->html_encode($status); - } - - my $sp = $util->get_alphanum_val($q->param('sp')); - if ($sp eq "") { - $sp = "0"; - } - $context{sp} = $sp; - my $mc = $util->get_alphanum_val($q->param('mc')); - if ($mc eq "") { - $mc = "20"; - } - $context{mc} = $mc; - $context{pp} = $sp - $mc; # previous pos (for paging) - $context{np} = $sp + $mc; # next pos (for paging) - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $total = $queue->count_requests_by_roles(\@roles, $status); - $context{total} = $util->html_encode($total); - - my @reqs = $queue->list_requests_by_roles(\@roles, $status, $sp, $mc); -# my @reqs = $queue->list_requests_by_roles($r, $status, $sp, $mc); - $queue->close(); - - my @r; - my $i = 0; - foreach my $req (@reqs) { - $r[$i] = new PKI::RA::GlobalVar( - getId => sub { return $util->html_encode($req->{'rowid'}) }, - getType => sub { return $util->html_encode($req->{'type'}) }, - getStatus => sub { return $util->html_encode($req->{'status'}) }, - getError => sub { return $util->html_encode($req->{'errorString'}) }, - getAssignedTo => sub { return $util->html_encode($req->{'assigned_to'}) }, - getData => sub { return $util->html_encode($req->{'data'}); }, - getCreatedBy => sub { return $util->html_encode($req->{'created_by'}); }, - getCreatedAt => sub { return $util->html_encode($req->{'created_at'}); }, - ); - $i++; - } - $context{rows} = \@r; - - if ($sp - $mc < 0) { - $context{show_previous} = "no"; - } else { - $context{show_previous} = "yes"; - } - - if ($i < 20) { - $context{show_next} = "no"; - } else { - $context{show_next} = "yes"; - } - - my $result = $parser->execute_file_with_context("agent/request/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/agent/request/index.vm b/base/ra/apache/docroot/agent/request/index.vm deleted file mode 100644 index dd9901fdb..000000000 --- a/base/ra/apache/docroot/agent/request/index.vm +++ /dev/null @@ -1,95 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA Agent</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/agent/index.cgi">Agent Interface</a> -</font><br> -<p> -<a href="index.cgi">All</a> | <a href="index.cgi?status=OPEN">OPEN</a> | <a href="index.cgi?status=APPROVED">APPROVED</a> | <a href="index.cgi?status=REJECTED">REJECTED</a> | <a href="index.cgi?status=ERROR">FAILED</a> -<p> -<center> -<table border="1" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> -<td><b>Id</b></td> -<td><b>Type</b></td> -<td><b>Status</b></td> -<td><b>Assigned To</b></td> -<td><b>Created By</b></td> -<td><b>Created At</b></td> -<td><b>Error</b></td> -</tr> -#foreach($r in $rows) -<tr valign="TOP"> -<td><a href="read.cgi?id=$r.getId()">$r.getId()</a></td> -<td>$r.getType()</td> -<td>$r.getStatus()</td> -<td>$r.getAssignedTo()</td> -<td>$r.getCreatedBy()</td> -<td>$r.getCreatedAt()</td> -<td>$r.getError()</td> -</tr> -#end -</table> -</center> -<p> -Total: $total -<br/> -<br/> -<a href="index.cgi?status=$status&sp=$pp&mc=$mc">Previous</a> | -<a href="index.cgi?status=$status&sp=$np&mc=$mc">Next</a> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/agent/request/op.cgi b/base/ra/apache/docroot/agent/request/op.cgi deleted file mode 100755 index 363d7121b..000000000 --- a/base/ra/apache/docroot/agent/request/op.cgi +++ /dev/null @@ -1,153 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use Benchmark; -use CGI; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Registry; -use PKI::Request::Queue; -use PKI::Base::Util; -use Encode; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - - my $q = CGI->new(); - - my $st = new Benchmark; - - my $util = PKI::Base::Util->new(); - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->agent_auth($cfg)) { - print $q->redirect("/agent/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $type = $util->get_alphanum_val($q->param('type')); - my $id = $util->get_alphanum_val($q->param('id')); - - my $db_st = new Benchmark; - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - - my $ref; - - my @roles = $self->get_current_roles($cfg); - my $pref = $queue->read_request_by_roles(\@roles, $id); - - if (! defined $pref) { - $queue->close(); - $self->debug_log($cfg, "Invalid attempt to process request id= " . $id . - " by userid= " . $uid); - print $q->redirect("/agent/error.cgi"); - return; - } - - my $curr_status = $pref->{'status'}; - if ($type eq "approve") { - if (($curr_status ne "OPEN") && ($curr_status ne "ERROR")) { - $queue->close(); - print $q->redirect("/agent/request/read.cgi?id=$id"); - return; - } - - $ref = $queue->approve_request($id, $uid); - } elsif ($type eq "reject") { - if (($curr_status ne "OPEN") && ($curr_status ne "ERROR")) { - $queue->close(); - print $q->redirect("/agent/request/read.cgi?id=$id"); - return; - } - - $ref = $queue->reject_request($id, $uid); - } - $queue->close(); - my $db_et = new Benchmark; - - $context{data} = $util->breakline($util->html_encode(Encode::decode('UTF-8', $ref->{'data'})), 40); - $context{output} = $util->breakline($util->html_encode($ref->{'output'}), 40); - $context{serialno} = $util->html_encode($ref->{'serialno'}); - $context{type} = $util->html_encode($ref->{'type'}); - $context{ip} = $util->html_encode($ref->{'ip'}); - $context{note} = $util->html_encode($ref->{'note'}); - $context{note} =~ s/\n/<br\/>/g; - $context{created_at} = $util->html_encode($ref->{'created_at'}); - $context{updated_at} = $util->html_encode($ref->{'updated_at'}); - $context{assigned_to} = $util->html_encode($ref->{'assigned_to'}); - $context{processed_by} = $util->html_encode($ref->{'processed_by'}); - $context{created_by} = $util->html_encode($ref->{'created_by'}); - $context{status} = $util->html_encode($ref->{'status'}); - $context{errorString} = $util->html_encode($ref->{'errorString'}); - $context{id} = $util->html_encode($ref->{'rowid'}); - - my $t_st = new Benchmark; - my $result = $parser->execute_file_with_context("agent/request/op.vm", - \%context); - my $t_et = new Benchmark; - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } - - my $et = new Benchmark; - - $self->debug_log($cfg, "benchmark " . - "total=" . timestr(timediff($et, $st)) . " " . - "db total=" . timestr(timediff($db_et, $db_st)) . " " . - "template total=" . timestr(timediff($t_et, $t_st)) . " " - ); -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/agent/request/op.vm b/base/ra/apache/docroot/agent/request/op.vm deleted file mode 100644 index d5bc2dfe4..000000000 --- a/base/ra/apache/docroot/agent/request/op.vm +++ /dev/null @@ -1,127 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Certificate Request Operations</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/agent/index.cgi">Agent Interface</a> -</font><br> -<p> -<a href="index.cgi">All</a> | <a href="index.cgi?status=OPEN">OPEN</a> | <a href="index.cgi?status=APPROVED">APPROVED</a> | <a href="index.cgi?status=REJECTED">REJECTED</a> | <a href="index.cgi?status=ERROR">FAILED</a> -<p> -<center> -<table border="1" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> -<td><b>Request Id</b></td> -<td><a href="read.cgi?id=$id">$id</a></td> -</tr> -<tr valign="TOP"> -<td><b>Type</b></td> -<td>$type</td> -</tr> -<tr valign="TOP"> -<td><b>Data</b></td> -<td>$data</td> -</tr> -<tr valign="TOP"> -<td><b>Output</b></td> -<td>$output</td> -</tr> -<tr valign="TOP"> -<td><b>Serial Number</b></td> -<td>$serialno</td> -</tr> -<tr valign="TOP"> -<td><b>Status</b></td> -<td>$status</td> -</tr> -<tr valign="TOP"> -<td><b>Error</b></td> -<td>$errorString</td> -</tr> -<tr valign="TOP"> -<td><b>Assigned To</b></td> -<td>$assigned_to</td> -</tr> -<tr valign="TOP"> -<td><b>Created By</b></td> -<td>$created_by</td> -</tr> -<tr valign="TOP"> -<td><b>Updated At</b></td> -<td>$updated_at</td> -</tr> -<tr valign="TOP"> -<td><b>Processed By</b></td> -<td>$processed_by</td> -</tr> -<tr valign="TOP"> -<td><b>Created At</b></td> -<td>$created_at</td> -</tr> -<tr valign="TOP"> -<td><b>IP</b></td> -<td>$ip</td> -</tr> -<tr valign="TOP"> -<td><b>Note</b></td> -<td>$note</td> -</tr> -</table> -</center> - -<br/> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/agent/request/read.cgi b/base/ra/apache/docroot/agent/request/read.cgi deleted file mode 100755 index d1633c164..000000000 --- a/base/ra/apache/docroot/agent/request/read.cgi +++ /dev/null @@ -1,119 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Registry; -use PKI::Base::Util; -use PKI::Request::Queue; -use Encode; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->agent_auth($cfg)) { - print $q->redirect("/agent/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - - my @roles = $self->get_current_roles($cfg); -# my $r = join(",",@roles); - - my $id = $util->get_alphanum_val($q->param('id')); - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $ref = $queue->read_request_by_roles(\@roles, $id); - $queue->close(); - - $context{data} = $util->breakline($util->html_encode(Encode::decode('UTF-8',$ref->{'data'})), 40); - $context{output} = $util->breakline($util->html_encode($ref->{'output'}), 40); - $context{meta_info} = $util->breakline($util->html_encode($ref->{'meta_info'}), 40); - - $context{serialno} = $util->html_encode($ref->{'serialno'}); - $context{subject_dn} = $util->html_encode($ref->{'subject_dn'}); - $context{type} = $util->html_encode($ref->{'type'}); - $context{created_at} = $util->html_encode($ref->{'created_at'}); - $context{created_by} = $util->html_encode($ref->{'created_by'}); - $context{updated_at} = $util->html_encode($ref->{'updated_at'}); - $context{ip} = $util->html_encode($ref->{'ip'}); - $context{processed_by} = $util->html_encode($ref->{'processed_by'}); - $context{note} = $util->html_encode($ref->{'note'}); - $context{note} =~ s/\n/<br\/>/g; - $context{assigned_to} = $util->html_encode($ref->{'assigned_to'}); - $context{status} = $util->html_encode($ref->{'status'}); - if ($ref->{'status'} eq "OPEN") { - $context{is_open} = 1; - } - if ($ref->{'status'} eq "ERROR") { - $context{is_error} = 1; - } - $context{errorString} = $util->html_encode($ref->{'errorString'}); - $context{id} = $util->html_encode($ref->{'rowid'}); - - my $result = $parser->execute_file_with_context("agent/request/read.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/agent/request/read.vm b/base/ra/apache/docroot/agent/request/read.vm deleted file mode 100644 index c583be021..000000000 --- a/base/ra/apache/docroot/agent/request/read.vm +++ /dev/null @@ -1,149 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Certificate Requests</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/agent/index.cgi">Agent Interface</a> -</font><br> -<p> -<a href="index.cgi">All</a> | <a href="index.cgi?status=OPEN">OPEN</a> | <a href="index.cgi?status=APPROVED">APPROVED</a> | <a href="index.cgi?status=REJECTED">REJECTED</a>| <a href="index.cgi?status=ERROR">FAILED</a> -<p> -<center> -<table border="1" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> -<td><b>Request Id</b></td> -<td><a href="read.cgi?id=$id">$id</a></td> -</tr> -<tr valign="TOP"> -<td><b>Type</b></td> -<td>$type</td> -</tr> -<tr valign="TOP"> -<td><b>Data</b></td> -<td>$data</td> -</tr> -<tr valign="TOP"> -<td><b>Output</b></td> -<td>$output</td> -</tr> -<tr valign="TOP"> -<td><b>Serial Number</b></td> -#if ($serialno == "unavailable") -<td>$serialno</td> -#else -<td><a href="/agent/cert/read.cgi?serialno=$serialno">$serialno</a></td> -#end -</tr> -<tr valign="TOP"> -<td><b>Subject DN</b></td> -<td>$subject_dn</td> -</tr> -<tr valign="TOP"> -<td><b>Meta Info</b></td> -<td>$meta_info</td> -</tr> -<tr valign="TOP"> -<td><b>Status</b></td> -<td>$status</td> -</tr> -<tr valign="TOP"> -<td><b>Error</b></td> -<td>$errorString</td> -</tr> -<tr valign="TOP"> -<td><b>Assigned To</b></td> -<td>$assigned_to</td> -</tr> -<tr valign="TOP"> -<td><b>Created By</b></td> -<td>$created_by</td> -</tr> -<tr valign="TOP"> -<td><b>Updated At</b></td> -<td>$updated_at</td> -</tr> -<tr valign="TOP"> -<td><b>Processed By</b></td> -<td>$processed_by</td> -</tr> -<tr valign="TOP"> -<td><b>Created At</b></td> -<td>$created_at</td> -</tr> -<tr valign="TOP"> -<td><b>IP</b></td> -<td>$ip</td> -</tr> -<tr valign="TOP"> -<td><b>Note</b></td> -<td>$note</td> -</tr> -</table> -</center> -<br/> -#if ($is_open || $is_error) -<a href="op.cgi?type=approve&id=$id">Approve</a> | <a href="op.cgi?type=reject&id=$id">Reject</a> -<br/> -<br/> -#end -<form name=note_form method=post action=add_note.cgi> -<input type=hidden name=id value="$id"> -<textarea name=note> -</textarea> -</form> -<a href="#" onclick="document.note_form.submit();">Add Note</a> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/agent/enroll.cgi b/base/ra/apache/docroot/ee/agent/enroll.cgi deleted file mode 100755 index 4f1af8f16..000000000 --- a/base/ra/apache/docroot/ee/agent/enroll.cgi +++ /dev/null @@ -1,127 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use MIME::Base64; -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Registry; -use PKI::Request::Queue; -use PKI::Conn::CA; -use PKI::Base::PinStore; -use PKI::Base::Util; - -use vars qw (@ISA); -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $uid = $util->get_val($q->param('uid')); - my $pin = $util->get_alphanum_val($q->param('pin')); - my $csr = $util->get_val($q->param('csr')); - $csr = $util->normalize_csr($csr); - - my $key = $uid; - - my $pin_store = PKI::Base::PinStore->new(); - $pin_store->open($cfg); - my $pinref = $pin_store->read_pin($key); - if (defined($pinref) && $pinref->{'pin'} eq $pin) { - $pin_store->delete($key); - } else { - $pin_store->close(); - print $q->redirect("/ee/error.cgi?error=Invalid Pin"); - return; - } - my $rid = $pinref->{'rid'}; - $pin_store->close(); - - my $profile_id = $cfg->get("request.agent.profileId"); - my $cert_request_type = $cfg->get("request.agent.reqType"); - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $req = $queue->read_request($rid); - $queue->set_request($rid, "subject_dn", "uid=$uid, e=$req->{'created_by'}"); - - my $ca = PKI::Conn::CA->new(); - $ca->open($cfg); - my $cert = $ca->enroll($rid, "ca1", $profile_id, $cert_request_type, $csr); - $ca->close(); - $queue->set_request($rid, "output", $cert); - - $req = $queue->read_request($rid); - if ($cert eq "") { - my $error = $req->{'errorString'}; - $queue->close(); - print $q->redirect("/ee/error.cgi?error=$error"); - return; - } - - my $decoded = decode_base64($cert); - my $encoded = encode_base64($decoded); - - my %context; - $context{cert} = $encoded; - $context{rid} = $util->html_encode($rid); - $context{subject_dn} = $util->html_encode($req->{'subject_dn'}); - $queue->close(); - - my $result = $parser->execute_file_with_context("ee/agent/enroll.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/agent/enroll.vm b/base/ra/apache/docroot/ee/agent/enroll.vm deleted file mode 100644 index 203b02696..000000000 --- a/base/ra/apache/docroot/ee/agent/enroll.vm +++ /dev/null @@ -1,74 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Agent Certificate Enrollment</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/agent/index.cgi">Agent Enrollment</a><br /> -Enroll Interface -</font><br> -<p> -<b>Your Certificate:</b> -<br/> -<b>Subject DN:</b> $subject_dn -<br/> -<pre> ------BEGIN CERTIFICATE----- -$cert ------END CERTIFICATE----- -</pre> -<a href="/ee/request/importcert.cgi?id=$rid">import certificate</a> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/agent/index.cgi b/base/ra/apache/docroot/ee/agent/index.cgi deleted file mode 100755 index 66fceb8ff..000000000 --- a/base/ra/apache/docroot/ee/agent/index.cgi +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use PKI::Base::Registry; -use Template::Velocity; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - my $result = $parser->execute_file_with_context("ee/agent/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/agent/index.vm b/base/ra/apache/docroot/ee/agent/index.vm deleted file mode 100644 index 9fc991d6a..000000000 --- a/base/ra/apache/docroot/ee/agent/index.vm +++ /dev/null @@ -1,83 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA End-Entity</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/agent/index.cgi">Agent Enrollment</a><br /> -</font><br> -<p> -For RA agent enrollment, an agent must submit a pin creation request first before performing certificate enrollment. -<p> -<center> -<table border="0" cellspacing="0" cellpadding="0"> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="new.cgi">Pin Creation Request</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="start.cgi">Certificate Enrollment</a></li> -</font> -</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/agent/new.cgi b/base/ra/apache/docroot/ee/agent/new.cgi deleted file mode 100755 index c209f5e74..000000000 --- a/base/ra/apache/docroot/ee/agent/new.cgi +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use PKI::Base::Registry; -use Template::Velocity; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - my $result = $parser->execute_file_with_context("ee/agent/new.vm", \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } - -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/agent/new.vm b/base/ra/apache/docroot/ee/agent/new.vm deleted file mode 100644 index bca0a37fc..000000000 --- a/base/ra/apache/docroot/ee/agent/new.vm +++ /dev/null @@ -1,88 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Agent Certificate Request</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/agent/index.cgi">Agent Enrollment</a><br /> -Agent Interface -</font><br> -<p> -This form is for new agent to request for agent certificate. -<p> -<center> -<form method=post action="submit.cgi"> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td width=20%>UID:</td> - <td><input type=text name=uid value="" ></td> -</tr> -<tr> - <td>Your Email:</td> - <td><input type=text name=email value=""></td> -</tr> -<tr> - <td> </td> - <td> </td> -</tr> -<tr> - <td><input type=submit name=Submit value="Submit"></td> - <td></td> -</tr> -</table> -</form> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/agent/start.cgi b/base/ra/apache/docroot/ee/agent/start.cgi deleted file mode 100755 index 27aedb546..000000000 --- a/base/ra/apache/docroot/ee/agent/start.cgi +++ /dev/null @@ -1,69 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use PKI::Base::Registry; -use Template::Velocity; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - - my $result = $parser->execute_file_with_context("ee/agent/start.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/agent/start.vm b/base/ra/apache/docroot/ee/agent/start.vm deleted file mode 100644 index b2b21dc1b..000000000 --- a/base/ra/apache/docroot/ee/agent/start.vm +++ /dev/null @@ -1,114 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Agent Certificate Request Using a One-Time Pin</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - -<SCRIPT LANGUAGE="JavaScript"> - -function validate() -{ - with (document.forms[0]) { - crmfObject = crypto.generateCRMFRequest( - "CN=x", - "regToken", "authenticator", - null, - "setCRMFRequest();", - 1024, null, "rsa-dual-use"); - return false; - } -} - -function setCRMFRequest() -{ - with (document.forms[0]) { - csr.value = crmfObject.request; - submit(); - } -} - -</SCRIPT> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/agent/index.cgi">Agent Enrollment</a><br /> -Agent Interface -</font><br> -<p> -This form is for new RA agent to request a certificate. -<p> -<center> -<form onSubmit="return validate();" method=post action="enroll.cgi"> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td width=20%>UID:</td> - <td><input type=text name=uid value="" ></td> -</tr> -<tr> - <td>One-Time Pin:</td> - <td><input type=text name=pin value=""></td> -</tr> -<tr> - <td> </td> - <td> </td> -</tr> -<tr> - <td><input type=submit name=Submit value="Submit"></td> - <td></td> -</tr> -</table> -<input type=hidden name="csr" value=""> -</form> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/agent/submit.cgi b/base/ra/apache/docroot/ee/agent/submit.cgi deleted file mode 100755 index a68242114..000000000 --- a/base/ra/apache/docroot/ee/agent/submit.cgi +++ /dev/null @@ -1,88 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Request::Queue; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my $uid = $util->get_val($q->param('uid')); - my $email = $util->get_val($q->param('email')); - - $self->debug_params($cfg, $q); - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $request_id = $queue->create_request("agent", - "uid=" . $uid, - "0", - $email); - my %context; - $context{request_id} = $util->html_encode($request_id); - $self->debug_log($cfg, "request $request_id created"); - $queue->close(); - - my $result = $parser->execute_file_with_context("ee/agent/submit.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/agent/submit.vm b/base/ra/apache/docroot/ee/agent/submit.vm deleted file mode 100644 index aaabee929..000000000 --- a/base/ra/apache/docroot/ee/agent/submit.vm +++ /dev/null @@ -1,73 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Agent Certificate Request Submission</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/agent/index.cgi">Agent Enrollment</a><br /> -</font><br> -<p> -Your request has been successfully submitted. -<p> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td width=20%>Request ID:</td> - <td><a href="/ee/request/status.cgi?id=$request_id">$request_id</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/error.cgi b/base/ra/apache/docroot/ee/error.cgi deleted file mode 100755 index 1417d4b61..000000000 --- a/base/ra/apache/docroot/ee/error.cgi +++ /dev/null @@ -1,81 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::UserStore; -use PKI::Base::Util; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $util = PKI::Base::Util->new(); - - my %context; - - my $error = $util->get_val($q->param('error')); - if ($error ne "") { - $context{has_error} = 1; - $context{'error'} = $util->html_encode($error); - } - - my $result = $parser->execute_file_with_context("ee/error.vm", \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/error.vm b/base/ra/apache/docroot/ee/error.vm deleted file mode 100644 index 0c4e7afcb..000000000 --- a/base/ra/apache/docroot/ee/error.vm +++ /dev/null @@ -1,71 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA End-Entity Error!</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -EE Interface -</font><br> -<p> -<center> -Request process error -<br> -#if ($has_error) - Error: $error -#end - -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/index.cgi b/base/ra/apache/docroot/ee/index.cgi deleted file mode 100755 index 453b2873b..000000000 --- a/base/ra/apache/docroot/ee/index.cgi +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - my $result = $parser->execute_file_with_context("ee/index.vm", \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/index.vm b/base/ra/apache/docroot/ee/index.vm deleted file mode 100644 index 70f3443ab..000000000 --- a/base/ra/apache/docroot/ee/index.vm +++ /dev/null @@ -1,102 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA End-Entity</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -RA EE Services -</font><br> -<p> -<center> -<table border="0" cellspacing="0" cellpadding="0"> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/ee/scep/index.cgi">SCEP Enrollment</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/ee/server/index.cgi">Server Enrollment</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/ee/user/index.cgi">User Enrollment</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/ee/agent/index.cgi">Agent Enrollment</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/ee/request/index.cgi">Request Status Check</a></li> -</font> -</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/request/getcert.cgi b/base/ra/apache/docroot/ee/request/getcert.cgi deleted file mode 100755 index b22444dc1..000000000 --- a/base/ra/apache/docroot/ee/request/getcert.cgi +++ /dev/null @@ -1,93 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use PKI::Service::Op; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Request::Queue; -use Template::Velocity; -use MIME::Base64; -use Encode; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $id = $util->get_alphanum_val($q->param('id')); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $req = $queue->read_request($id); - $queue->close(); - - my %context; - $context{id} = $util->html_encode($req->{'rowid'}); - $context{serialno} = $util->html_encode($req->{'serialno'}); - $context{subject_dn} = $util->html_encode(Encode::decode('UTF-8', $req->{'subject_dn'})); - if ($req->{'serialno'} eq "unavailable") { - $context{output} = ""; - } else { - $context{output} = "-----BEGIN CERTIFICATE-----\n".$util->breakline($util->html_encode($req->{'output'}), 40)."\n-----END CERTIFICATE-----"; - } - my $result = $parser->execute_file_with_context("ee/request/getcert.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/request/getcert.vm b/base/ra/apache/docroot/ee/request/getcert.vm deleted file mode 100644 index 40387a7ef..000000000 --- a/base/ra/apache/docroot/ee/request/getcert.vm +++ /dev/null @@ -1,72 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Import Certificate</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/request/index.cgi">Request Status Check</a> -<br/> -Certificate Import -</font><br> -<p> -<p> -<b>Serial Number:</b>$serialno<br> -<b>Subject DN:</b>$subject_dn<br><br> -<b>Base64 Encoding:</b><br> - <pre>$output</pre> -<b>Import Certificate (click on the following link to import):</b><br> -<a href="importcert.cgi?id=$id">import certificate</a> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/request/importcert.cgi b/base/ra/apache/docroot/ee/request/importcert.cgi deleted file mode 100755 index fdc309746..000000000 --- a/base/ra/apache/docroot/ee/request/importcert.cgi +++ /dev/null @@ -1,82 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use PKI::Service::Op; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Request::Queue; -use Template::Velocity; -use MIME::Base64; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $id = $util->get_alphanum_val($q->param('id')); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $req = $queue->read_request($id); - $queue->close(); - - my %context; -# $::symbol{id} = $req->{'rowid'}; -# $::symbol{status} = $req->{'status'}; - -# my $result = $parser->execute_file("ee/request/status.vm"); - - my $cert = MIME::Base64::decode($req->{'output'}); - - print "Content-Type: application/x-x509-user-cert\n\n"; - print $cert; -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/request/index.cgi b/base/ra/apache/docroot/ee/request/index.cgi deleted file mode 100755 index ef2a68b23..000000000 --- a/base/ra/apache/docroot/ee/request/index.cgi +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - my $result = $parser->execute_file_with_context("ee/request/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/request/index.vm b/base/ra/apache/docroot/ee/request/index.vm deleted file mode 100644 index 42dc259ac..000000000 --- a/base/ra/apache/docroot/ee/request/index.vm +++ /dev/null @@ -1,67 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA End-Entity</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/request/index.cgi">Request Status</a><br /> -</font><br> -<p> -<form name=form method=post action="status.cgi"> -Request Id: <input type=text name=id value=""> -</form> -<a href="#" onclick="document.form.submit();">Check</a> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/request/status.cgi b/base/ra/apache/docroot/ee/request/status.cgi deleted file mode 100755 index 6a3154716..000000000 --- a/base/ra/apache/docroot/ee/request/status.cgi +++ /dev/null @@ -1,94 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use PKI::Service::Op; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Request::Queue; -use Template::Velocity; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - - my $util = PKI::Base::Util->new(); - - my $id = $util->get_alphanum_val($q->param('id')); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $req = $queue->read_request($id); - $queue->close(); - if ($req == "") { - print $q->redirect("/ee/error.cgi?error=request%20not%20found"); - return; - } - - my %context; - $context{id} = $util->html_encode($req->{'rowid'}); - $context{type} =$util->html_encode($req->{'type'}); - $context{status} = $util->html_encode($req->{'status'}); - $context{serialno} = $util->html_encode($req->{'serialno'}); - $context{errorString} = $util->html_encode($req->{'errorString'}); - - my $result = $parser->execute_file_with_context("ee/request/status.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/request/status.vm b/base/ra/apache/docroot/ee/request/status.vm deleted file mode 100644 index ed61cdbe4..000000000 --- a/base/ra/apache/docroot/ee/request/status.vm +++ /dev/null @@ -1,91 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Certificate Request Status</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/request/index.cgi">Request Status Check</a> -<br/> -Request Status -</font><br> -<p> -<p> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td width=20%><b>Request ID:</b></td> - <td><a href="status.cgi?id=$id">$id</a></td> -</tr> -<tr> - <td width=20%><b>Status:</b></td> - <td>$status</td> -</tr> -<tr> - <td width=20%><b>Error Message:</b></td> - <td>$errorString</td> -</tr> -#if ($status == "APPROVED") -#if ($serialno != "unavailable") -<tr> - <td width=20%><b>Import Certificate:</b></td> - <td><a href="getcert.cgi?id=$id">$id</td> -</tr> -#end -#end -</table> -</form> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/scep/enroll.cgi b/base/ra/apache/docroot/ee/scep/enroll.cgi deleted file mode 100755 index 53291636a..000000000 --- a/base/ra/apache/docroot/ee/scep/enroll.cgi +++ /dev/null @@ -1,112 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use MIME::Base64; -use URI::URL; -use URI::Escape; -use XML::Simple; -use CGI; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Conn::CA; -use PKI::Base::PinStore; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $client_id = $util->get_val($q->param('client_id')); - my $site_id = $util->get_val($q->param('site_id')); - my $pin = $util->get_alphanum_val($q->param('pin')); - my $csr = $util->get_val($q->param('csr')); - - my $key = $client_id . "/" . $site_id; - - my $pin_store = PKI::Base::PinStore->new(); - $pin_store->open($cfg); - my $pinref = $pin_store->read_pin($key); - if (defined($pinref) && $pinref->{'pin'} eq $pin) { - $pin_store->delete($key); - } else { - $pin_store->close(); - # error, redirect user back to the original enrollment page - print $q->redirect("/ee/scep/installer.cgi"); - return; - } - $pin_store->close(); - - my $profile_id = $cfg->get("request.scep.profileId"); - my $cert_request_type = $cfg->get("request.scep.reqType"); - - my $ca = PKI::Conn::CA->new(); - $ca->open($cfg); - my $cert = $ca->enroll($pinref->{'rid'}, "ca1", $profile_id, $cert_request_type, $csr); - $ca->close(); - my $decoded = decode_base64($cert); - my $encoded = encode_base64($decoded); - - my %context; - $context{cert} = $encoded; - - my $result = $parser->execute_file_with_context("ee/scep/enroll.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/scep/enroll.vm b/base/ra/apache/docroot/ee/scep/enroll.vm deleted file mode 100644 index 2893eac1c..000000000 --- a/base/ra/apache/docroot/ee/scep/enroll.vm +++ /dev/null @@ -1,74 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>SCEP Router Enrollment</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : -<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br /> -Installer Interface -</font><br> -<p> -This form is for router installer to retrieve the requested certificate. -<p> - <b>Your Certificate:</b> -<br/> -<pre> ------BEGIN CERTIFICATE----- -$cert ------END CERTIFICATE----- -</pre> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/scep/index.cgi b/base/ra/apache/docroot/ee/scep/index.cgi deleted file mode 100755 index c73fc379a..000000000 --- a/base/ra/apache/docroot/ee/scep/index.cgi +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - my $result = $parser->execute_file_with_context("ee/scep/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/scep/index.vm b/base/ra/apache/docroot/ee/scep/index.vm deleted file mode 100644 index 3d75a8d40..000000000 --- a/base/ra/apache/docroot/ee/scep/index.vm +++ /dev/null @@ -1,83 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA End-Entity</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/scep/index.cgi">SCEP Enrollment</a><br /> -</font><br> -<p> -In the SCEP enrollment, a manager must firstly submit a one-time pin creation request to the RA. RA Agent will then approve and generate an one-time pin. The pin will be returned to the manager who will give the pin to a local router installer. The router installer visits the enrollment form where certificate request, one time pin and other necessary information are submitted. The system will issue the certificate immediately. -<p> -<center> -<table border="0" cellspacing="0" cellpadding="0"> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="manager.cgi">Request Submission - Manager</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="installer.cgi">SCEP Enrollment - Installer</a></li> -</font> -</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/scep/installer.cgi b/base/ra/apache/docroot/ee/scep/installer.cgi deleted file mode 100755 index 8453c2cc4..000000000 --- a/base/ra/apache/docroot/ee/scep/installer.cgi +++ /dev/null @@ -1,74 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my %context; - $context{machine} = $cfg->get("service.machineName"); - $context{port} = $cfg->get("service.unsecurePort"); - - my $result = $parser->execute_file_with_context("ee/scep/installer.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/scep/installer.vm b/base/ra/apache/docroot/ee/scep/installer.vm deleted file mode 100644 index be9f969ac..000000000 --- a/base/ra/apache/docroot/ee/scep/installer.vm +++ /dev/null @@ -1,73 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>SCEP Router Request Using a One-Time Pin</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : -<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br /> -Installer Interface -</font><br> -<p> -This form is for router installer to request a certificate with the given one time pin. -<p> -<center> -The SCEP enrollment URL for the router is: -<br/> -<br/> -http://$machine:$port/ee/scep/pkiclient.cgi -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/scep/manager.cgi b/base/ra/apache/docroot/ee/scep/manager.cgi deleted file mode 100755 index 8b547a928..000000000 --- a/base/ra/apache/docroot/ee/scep/manager.cgi +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - my $result = $parser->execute_file_with_context("ee/scep/manager.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/scep/manager.vm b/base/ra/apache/docroot/ee/scep/manager.vm deleted file mode 100644 index e5b6abed5..000000000 --- a/base/ra/apache/docroot/ee/scep/manager.vm +++ /dev/null @@ -1,123 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>SCEP Router Manager Request for a One-Time Pin</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<SCRIPT LANGUAGE="JavaScript"> - -function validate() -{ - var c = document.enrollment.client_id.value; - if (c == '') { - alert("client id is empty"); - return false; - } - var s = document.enrollment.site_id.value; - if (s == '') { - alert("site id is empty"); - return false; - } - var e = document.enrollment.email.value; - if (e == '') { - alert("email is empty"); - return false; - } -} - -</SCRIPT> - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : -<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br /> -Manager Interface -</font><br> -<p> -This form is for manager to request for a one time pin so that router installer can request for a certificate. -<p> -<script language=javascript> -<!-- - if (navigator.appName == "Microsoft Internet Explorer") { - document.writeln('<form name="enrollment" method=post action="submit.cgi">'); } else { - document.writeln('<form name="enrollment" onSubmit="return validate();" method=post action="submit.cgi">'); } ---> -</script> - -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td width=20%>Client ID:</td> - <td><input type=text name=client_id value="" ></td> -</tr> -<tr> - <td>Site ID (IP Address):</td> - <td><input type=text name=site_id value=""></td> -</tr> -<tr> - <td>Your Email:</td> - <td><input type=text name=email value=""></td> -</tr> -<tr> - <td> </td> - <td> </td> -</tr> -<tr> - <td><input type=submit name=Submit value="Submit"></td> - <td></td> -</tr> -</table> -</form> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/scep/pkiclient.cgi b/base/ra/apache/docroot/ee/scep/pkiclient.cgi deleted file mode 100755 index a54558f37..000000000 --- a/base/ra/apache/docroot/ee/scep/pkiclient.cgi +++ /dev/null @@ -1,113 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use MIME::Base64; -use URI::URL; -use URI::Escape; -use XML::Simple; -use CGI; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Conn::CA; -use PKI::Base::PinStore; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $operation = $util->get_alphanum_val($q->param('operation')); - my $message = $util->get_val($q->param('message')); - $message = uri_escape($message); - - my $ca = PKI::Conn::CA->new(); - $ca->open($cfg); - if ($operation eq "GetCACert") { - my $content = $ca->scep_get_ca_cert("ca1", $operation, $message); - - print "Content-Type: application/x-x509-ca-cert\n\n"; - print $content; - } elsif ($operation eq "PKIOperation") { - my $decoded = $ca->scep_decode("ca1", $operation, $message); - $decoded =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $decoded = $1; - my $parser = XML::Simple->new(); - my $response = $parser->XMLin($decoded); - - # one time pin - my $pin = $response->{'PKCS10'}->{'ChallengePassword'}->{'Password'} ; - # IP Address - my $key = $ENV{'REMOTE_ADDR'}; - - # check PIN - if (1) { - my $pin_store = PKI::Base::PinStore->new(); - $pin_store->open($cfg); - my $pinref = $pin_store->read_pin($key); - if (defined($pinref) && $pinref->{'pin'} eq $pin) { - $pin_store->delete($key); - } else { - $pin_store->close(); - # XXX - return SCEP error - print $q->redirect("/ee/scep/installer.cgi"); - return; - } - $pin_store->close(); - } - - my $content = $ca->scep_pki_message("ca1", $operation, $message); - - print "Content-Type: application/x-pki-message\n\n"; - print $content; - } - $ca->close(); -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/scep/submit.cgi b/base/ra/apache/docroot/ee/scep/submit.cgi deleted file mode 100755 index b3dfd7a5d..000000000 --- a/base/ra/apache/docroot/ee/scep/submit.cgi +++ /dev/null @@ -1,91 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use PKI::Service::Op; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use Template::Velocity; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $client_id = $util->get_val($q->param('client_id')); - my $site_id = $util->get_val($q->param('site_id')); - my $email = $util->get_val($q->param('email')); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $request_id = $queue->create_request("scep", - "client_id=" . $client_id . ";" . - "site_id=" . $site_id, - "0", - $email); - my %context; - $context{request_id} = $util->html_encode($request_id); - $self->debug_log($cfg, "request $request_id created"); - $queue->close(); - - my $result = $parser->execute_file_with_context("ee/scep/submit.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/scep/submit.vm b/base/ra/apache/docroot/ee/scep/submit.vm deleted file mode 100644 index 6786bf936..000000000 --- a/base/ra/apache/docroot/ee/scep/submit.vm +++ /dev/null @@ -1,76 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>SCEP Router Request Submission</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : -<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br /> -Manager Interface -</font><br> -<p> -Your request has been successfully submitted. -<p> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td width=20%>Request ID:</td> - <td><a href="/ee/request/status.cgi?id=$request_id">$request_id</a></td> -</tr> -</table> -</form> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/server/admin.cgi b/base/ra/apache/docroot/ee/server/admin.cgi deleted file mode 100755 index 18945da02..000000000 --- a/base/ra/apache/docroot/ee/server/admin.cgi +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - my $result = $parser->execute_file_with_context("ee/server/admin.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/server/admin.vm b/base/ra/apache/docroot/ee/server/admin.vm deleted file mode 100644 index 35af32ca8..000000000 --- a/base/ra/apache/docroot/ee/server/admin.vm +++ /dev/null @@ -1,132 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Server Certificate Request</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - -<SCRIPT LANGUAGE="JavaScript"> - -function validate() -{ - var x = document.enrollment.server_id.value; - if (x == '') { - alert("server id is empty"); - return false; - } - var s = document.enrollment.site_id.value; - if (s == '') { - alert("site id is empty"); - return false; - } - var e = document.enrollment.email.value; - if (e == '') { - alert("email is empty"); - return false; - } - var c = document.enrollment.csr.value; - if (c == '') { - alert("csr is empty"); - return false; - } -} -</SCRIPT> - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : -<a href="/ee/server/index.cgi">Server Enrollment</a><br /> -Server Administrator Interface -</font><br> -<p> -This form is for server administrator to request for a server certificate. -<p> - -<script language=javascript> -<!-- - if (navigator.appName == "Microsoft Internet Explorer") { - document.writeln('<form name="enrollment" method=post action="submit.cgi">'); - } else { - document.writeln('<form name="enrollment" onSubmit="return validate();" method=post action="submit.cgi">'); - } ---> -</script> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td width=20%>Server ID:</td> - <td><input type=text name=server_id value="" ></td> -</tr> -<tr> - <td>Site ID:</td> - <td><input type=text name=site_id value=""></td> -</tr> -<tr> - <td>Your Email:</td> - <td><input type=text name=email value=""></td> -</tr> -<tr> - <td>CSR:</td> - <td><textarea cols=40 rows=5 name=csr></textarea></td> -</tr> -<tr> - <td> </td> - <td> </td> -</tr> -<tr> - <td><input type=submit name=Submit value="Submit"></td> - <td></td> -</tr> -</table> -</form> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/server/index.cgi b/base/ra/apache/docroot/ee/server/index.cgi deleted file mode 100755 index 830409a8b..000000000 --- a/base/ra/apache/docroot/ee/server/index.cgi +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - my $result = $parser->execute_file_with_context("ee/server/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/server/index.vm b/base/ra/apache/docroot/ee/server/index.vm deleted file mode 100644 index 04727ae41..000000000 --- a/base/ra/apache/docroot/ee/server/index.vm +++ /dev/null @@ -1,76 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA End-Entity</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/server/index.cgi">Server Enrollment</a><br /> -</font><br> -<p> -Server Administrator must use the following form to submit a request which will later be approved by a RA agent. Upon approval, the administrator will be notified by email and the server certificate can be retrieved. -<p> -<center> -<table border="0" cellspacing="0" cellpadding="0"> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="admin.cgi">Request Submission - Administrator</a></li> -</font> -</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/server/submit.cgi b/base/ra/apache/docroot/ee/server/submit.cgi deleted file mode 100755 index 4916033ee..000000000 --- a/base/ra/apache/docroot/ee/server/submit.cgi +++ /dev/null @@ -1,93 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use Template::Velocity; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $server_id = $util->get_val($q->param('server_id')); - my $site_id = $util->get_val($q->param('site_id')); - my $email = $util->get_val($q->param('email')); - my $csr = $util->get_val($q->param('csr')); - - $csr = $util->normalize_csr($csr); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $request_id = $queue->create_request("server", - "server_id=" . $server_id . ";" . - "site_id=" . $site_id . ";" . - "csr=" . $csr, - "0", - $email); - my %context; - $context{request_id} = $util->html_encode($request_id); - $self->debug_log($cfg, "request $request_id created"); - $queue->close(); - - my $result = $parser->execute_file_with_context("ee/server/submit.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/server/submit.vm b/base/ra/apache/docroot/ee/server/submit.vm deleted file mode 100644 index f08914583..000000000 --- a/base/ra/apache/docroot/ee/server/submit.vm +++ /dev/null @@ -1,75 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Server Certificate Request Submission</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : -<a href="/ee/server/index.cgi">Server Enrollment</a><br /> -Server Administrator Interface -</font><br> -<p> -Your request has been successfully submitted. -<p> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td width=20%>Request ID:</td> - <td><a href="/ee/request/status.cgi?id=$request_id">$request_id</a></td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/user/index.cgi b/base/ra/apache/docroot/ee/user/index.cgi deleted file mode 100755 index ef6b3aa47..000000000 --- a/base/ra/apache/docroot/ee/user/index.cgi +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - my $result = $parser->execute_file_with_context("ee/user/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/user/index.vm b/base/ra/apache/docroot/ee/user/index.vm deleted file mode 100644 index 76b06a91c..000000000 --- a/base/ra/apache/docroot/ee/user/index.vm +++ /dev/null @@ -1,83 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA End-Entity</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/user/index.cgi">User Enrollment</a><br /> -</font><br> -<p> -For user enrollment, user must access the following forms with appropriate client (i.e. browser) where key pair will be generated. -<p> -<center> -<table border="0" cellspacing="0" cellpadding="0"> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="user.cgi">Request Submission - User</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="renewal.cgi">Renewal - User</a></li> -</font> -</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/user/renew.cgi b/base/ra/apache/docroot/ee/user/renew.cgi deleted file mode 100755 index 63d646ec9..000000000 --- a/base/ra/apache/docroot/ee/user/renew.cgi +++ /dev/null @@ -1,165 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Base::Conf; -use PKI::Request::Queue; -use Template::Velocity; -use PKI::Service::Op; -use PKI::Base::Util; -use PKI::Base::Registry; - -use vars qw (@ISA); -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my $util = PKI::Base::Util->new(); - my $error = ""; - - my $host = $cfg->get("service.machineName"); - my $port = $cfg->get("service.non_clientauth_securePort"); - - $self->debug_params($cfg, $q); - - my $cert = $self->get_cert_record($cfg); - $self->debug_log( $cfg, "after get_cert_record"); - if (!defined($cert) || ($cert eq "")) { - $self->debug_log( $cfg, "cert not defined"); - $error = "certificate not found in database"; - print $q->redirect("/ee/error.cgi?error=$error"); - return; - } - $self->debug_log( $cfg, "got cert"); - - my $csr = $cert->{'csr'}; - if ($csr eq "") { - $error = "csr not found in database"; - print $q->redirect("/ee/error.cgi?error=$error"); - return; - } - $self->debug_log( $cfg, "got csr"); - - my $req_id = $cert->{'rid'}; - if ($req_id eq "") { - $error = "reqid not found in database"; - print $q->redirect("/ee/error.cgi?error=$error"); - return; - } - $self->debug_log( $cfg, "got req_id = $req_id"); - $self->debug_log( $cfg, "before renewl read/create request"); - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $o_req = $queue->read_request($req_id); - if ($o_req eq "") { - $self->debug_log( $cfg, "got null o_req"); - print $q->redirect("/ee/error.cgi?error=$error"); - return; - } - - my $uid = ""; - my $site_id = ""; - my $org_csr = ""; - my $csr_type = ""; - - my $data = $o_req->{'data'}; - foreach $nv (split(/;/, $data)) { - my ($n, $v) = split(/=/, $nv); - if ($n eq "uid") { - $uid = $v; - } - if ($n eq "site_id") { - $site_id = $v; - } - if ($n eq "csr") { - $org_csr = $v; - } - if ($n eq "csr_type") { - $csr_type = $v; - } - } - - my $new_request = $queue->create_request("renewal", - "uid=" . $uid . ";" . - "site_id=" . $site_id . ";" . - "csr_type=" . $csr_type . ";" . - "csr=" . $csr, - "orig_reqid=" . $o_req->{'rowid'}, - $o_req->{'created_by'}); - - #self-renewal is created and processed by the same user - $ref = $queue->approve_request($new_request, $o_req->{'created_by'}); - my $nreq = $queue->read_request($new_request); - $error = $nreq->{'errorString'}; - if ($error ne "0") { - $self->debug_log( $cfg, "after approve request, got error=$error"); - print $q->redirect("/ee/error.cgi?error=$error"); - return; - } - - my %context; - $context{request_id} = $util->html_encode($new_request); - $self->debug_log($cfg, "request $new_request created"); - $queue->close(); - $self->debug_log( $cfg, "after renewl read/create request $new_request"); - - $context{data} = $util->breakline($util->html_encode($ref->{'data'}), 40); - $context{output} = $util->breakline($util->html_encode($ref->{'output'}), 40); - $context{serialno} = $util->html_encode($ref->{'serialno'}); - $context{host} = $util->html_encode($host); - $context{port} = $util->html_encode($port); - - #print $q->redirect("/ee/request/getcert.cgi?id=$new_request"); - my $result = $parser->execute_file_with_context("ee/user/renew.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/user/renew.vm b/base/ra/apache/docroot/ee/user/renew.vm deleted file mode 100644 index dee119c65..000000000 --- a/base/ra/apache/docroot/ee/user/renew.vm +++ /dev/null @@ -1,86 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>User Certificate Renewal Notification</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="https://$host:$port/ee/index.cgi">RA Services</a> : -<a href="https://$host:$port/ee/user/index.cgi">User Enrollment</a><br /> -Renewal Interface -</font><br> -<p> -Your certificate has been successfully renewed. -<p> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td width=20%>Request ID:</td> - <td><a href="https://$host:$port/ee/request/status.cgi?id=$request_id">$request_id</a></td> -<tr valign="TOP"> -<td><b>Data</b></td> -<td>$data</td> -</tr> -<tr valign="TOP"> -<td><b>Output</b></td> -<td>$output</td> -</tr> -<tr valign="TOP"> -<td><b>Serial Number</b></td> -<td>$serialno</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/user/renewal.cgi b/base/ra/apache/docroot/ee/user/renewal.cgi deleted file mode 100755 index 63a211eff..000000000 --- a/base/ra/apache/docroot/ee/user/renewal.cgi +++ /dev/null @@ -1,74 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Registry; - -use vars qw (@ISA); -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $host = $cfg->get("service.machineName"); - my $port = $cfg->get("service.securePort"); - - my %context; - $context{url} = "https://$host:$port/ee/user/renew.cgi"; - my $result = $parser->execute_file_with_context("ee/user/renewal.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/user/renewal.vm b/base/ra/apache/docroot/ee/user/renewal.vm deleted file mode 100644 index 1e2b438a1..000000000 --- a/base/ra/apache/docroot/ee/user/renewal.vm +++ /dev/null @@ -1,73 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>User Certificate Renewal</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : -<a href="/ee/user/index.cgi">User Enrollment</a><br /> -User Renewal Interface -</font><br> -<p> -This form is for end user to renew his/her certificates.<br> -At popup, please select the user certificate to renew. -<p> -<center> -<form method=post action=$url> -<input type=submit name=Submit value="Renewal"> -</form> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/user/submit.cgi b/base/ra/apache/docroot/ee/user/submit.cgi deleted file mode 100755 index 26c900e00..000000000 --- a/base/ra/apache/docroot/ee/user/submit.cgi +++ /dev/null @@ -1,112 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use Benchmark; -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Request::Queue; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $st = new Benchmark; - - my $util = PKI::Base::Util->new(); - - my $userid = $util->get_val($q->param('uid')); - my $fullname = $util->get_val($q->param('cn')); - my $site_id = $util->get_val($q->param('site_id')); - my $email = $util->get_val($q->param('email')); - my $csr_type = $util->get_alphanum_val($q->param('csr_type')); - my $csr = $util->get_val($q->param('csr')); - - $csr = $util->normalize_csr($csr); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $db_st = new Benchmark; - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $request_id = $queue->create_request("user", - "uid=" . $userid . ";" . - "cn=" . $fullname . ";" . - "site_id=" . $site_id . ";" . - "csr_type=" . $csr_type . ";" . - "csr=" . $csr, - "0", - $email); - my %context; - $context{request_id} = $util->html_encode($request_id); - $self->debug_log($cfg, "request $request_id created"); - $queue->close(); - my $db_et = new Benchmark; - - my $t_st = new Benchmark; - my $result = $parser->execute_file_with_context("ee/user/submit.vm", - \%context); - my $t_et = new Benchmark; - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } - - my $et = new Benchmark; - $self->debug_log($cfg, "benchmark " . - "total=" . timestr(timediff($et, $st)) . " " . - "db total=" . timestr(timediff($db_et, $db_st)) . " " . - "template total=" . timestr(timediff($t_et, $t_st)) . " " - ); -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/user/submit.vm b/base/ra/apache/docroot/ee/user/submit.vm deleted file mode 100644 index 6c7a0cd44..000000000 --- a/base/ra/apache/docroot/ee/user/submit.vm +++ /dev/null @@ -1,75 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>User Certificate Request Submission</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : -<a href="/ee/user/index.cgi">User Enrollment</a><br /> -Manager Interface -</font><br> -<p> -Your request has been successfully submitted. -<p> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td width=20%>Request ID:</td> - <td><a href="/ee/request/status.cgi?id=$request_id">$request_id</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/user/user.cgi b/base/ra/apache/docroot/ee/user/user.cgi deleted file mode 100755 index 2d58a532b..000000000 --- a/base/ra/apache/docroot/ee/user/user.cgi +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - my $result = $parser->execute_file_with_context("ee/user/user.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/user/user.vm b/base/ra/apache/docroot/ee/user/user.vm deleted file mode 100644 index 04763d7cf..000000000 --- a/base/ra/apache/docroot/ee/user/user.vm +++ /dev/null @@ -1,435 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<OBJECT - classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" - CODEBASE="/ee/xenroll.dll" - id="Enroll"> -</OBJECT> - -<OBJECT id='g_objClassFactory' CLASSID='clsid:884e2049-217d-11da-b2a4-000e7bbb2b09'> -</OBJECT> - -<title>User Certificate Request</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - -<SCRIPT LANGUAGE="JavaScript"> -function encode_utf8( s ) -{ - return unescape( encodeURIComponent( s ) ); -} - -function decode_utf8( s ) -{ - return decodeURIComponent( escape( s ) ); -} - -function validate() -{ - var x = document.enrollment.uid.value; - if (x == '') { - alert("uid is empty"); - return false; - } - var e = document.enrollment.email.value; - if (e == '') { - alert("email is empty"); - return false; - } - var cn = document.enrollment.cn.value; - if (cn == '') { - alert("Full name is empty"); - return false; - } - var dn = encode_utf8("uid="+x+",e="+e+",cn="+cn); - with (document.forms[0]) { - crmfObject = crypto.generateCRMFRequest( - dn, - "regToken", "authenticator", - null, - "setCRMFRequest();", - 1024, null, "rsa-dual-use"); - return false; - } -} - -function setCRMFRequest() -{ - with (document.forms[0]) { - csr.value = crmfObject.request; - submit(); - } -} - -</SCRIPT> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : -<a href="/ee/user/index.cgi">User Enrollment</a><br /> -User Interface -</font><br> -<p> -This form is for user to request for an end-user certificate. -<p> -<script language=javascript> -<!-- - if (navigator.appName == "Microsoft Internet Explorer") { - document.writeln('<form name="enrollment" method=post action="submit.cgi">'); - } else { - document.writeln('<form name="enrollment" onSubmit="return validate();" method=post action="submit.cgi">'); - } ---> -</script> -<SCRIPT LANGUAGE=VBS> -<!-- -'Get OS Version, works for Vista and below only -Function GetOSVersion - dim agent - dim result - dim pos - - agent = Navigator.appVersion - pos = InStr(agent,"NT 6.") - - If pos > 0 Then - GetOSVersion = 6 ' Vista - Exit Function - End If - - pos = InStr(agent,"NT 5.") - - If pos > 0 Then - GetOSVersion = 5 ' XP etc - Exit Function - End If - -' Default - GetOSVersion = 5 -End Function - -Sub Send_OnClick - Dim TheForm - Dim szName - Dim options - Dim osVersion - Dim result - Set TheForm = Document.enrollment - - osVersion = GetOSVersion() - - If osVersion <> 6 Then 'Not Vista - - ' Contruct the X500 distinguished name - szName = "0.9.2342.19200300.100.1.1=" & TheForm.uid.Value & ",E=" & TheForm.email.Value & ",CN=" & TheForm.cn.Value - - On Error Resume Next - Enroll.HashAlgorithm = "MD5" - Enroll.KeySpec = 1 - - ' Pick the provider that is selected - set options = TheForm.all.cryptprovider.options - index = options.selectedIndex - Enroll.providerType = options(index).value - Enroll.providerName = options(index).text - - ' adding 2 to "GenKeyFlags" will enable the 'High Security' - ' (USER_PROTECTED) mode, which means IE will pop up a dialog - ' asking what level of protection you would like to give - ' the key - this varies from 'none' to 'confirm password - ' every time the key is used' - Enroll.GenKeyFlags = 1 ' key PKCS12-exportable - szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - theError = Err.Number - On Error Goto 0 - ' - ' If the user has cancelled things the we simply ignore whatever - ' they were doing ... need to think what should be done here - ' - If (szCertReq = Empty AND theError = 0) Then - Exit Sub - End If - - If (szCertReq = Empty OR theError <> 0) Then - ' - ' There was an error in the key pair generation. The error value - ' is found in the variable 'theError' which we snarfed above before - ' we did the 'On Error Goto 0' which cleared it again. - ' - sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated." - result = MsgBox(sz, 0, "Credentials Enrollment") - Exit Sub - End If - - TheForm.csr.Value = szCertReq - - ' TheForm.Submit - -Else 'Vista - Dim enrollment - Dim privateKey - Dim request - Dim csr - Dim objDN - - 'certUsage is "1.3.6.1.5.5.7.3.2" - - On Error Resume Next - 'CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory") - - If IsObject(g_objClassFactory) = False Then - result = MsgBox("Can't create Factory Object " & " Error: " & Err.number & " :" & Err.description,0,"") - Exit Sub - End If - - Set enrollment = g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment") - - If IsObject(enrollment) = False Then - result = MsgBox("Can't create enroll Object! " & " Error: " & Err.number & " :" & Err.description,"") - Exit Sub - End If - - Set privateKey = g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey") - - If IsObject(privateKey) = False Then - result = MsgBox("Can't create Key Object! " & " Error: " & Err.number & " :" & Err.description,0,"") - Exit Sub - End If - - Set request = g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10") - - If IsObject(request) = False Then - result = MsgBox("Can't create Request Object. ! " & " Error: " & Err.number & " :" & Err.description,0,"") - Exit Sub - End If - - privateKey.KeySpec= "1" - - ' Pick the provider that is selected - set options = TheForm.all.cryptprovider.options - index = options.selectedIndex - privateKey.ProviderType= index - privateKey.ProviderName = options(index).text - - szName = "0.9.2342.19200300.100.1.1=" & TheForm.uid.Value & ",E=" & TheForm.email.Value & ",CN=" & TheForm.cn.Value - - Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName") - - If IsObject(objDN) = False Then - result = MsgBox("Can't create DN Object. ! " & " Error: " & Err.number & " :" & Err.description,0,"") - Exit Sub - End If - - objDN.Encode szName,0 - - request.InitializeFromPrivateKey 1,privateKey,"" - request.Subject = objDN - - enrollment.InitializeFromRequest(request) - csr=enrollment.CreateRequest(1) - - If len(csr) = 0 Then - result = MsgBox("Error Creating Request! "& " Error: " & Err.number & " :" & Err.description,0,"") - Exit Sub - End If - - TheForm.csr.Value = csr - - End If - Exit Sub - -End Sub - ---> -</SCRIPT> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td>UID:</td> - <td><input type=text name=uid value=""></td> -</tr> -<tr> - <td>Full Name:</td> - <td><input type=text name=cn value=""></td> -</tr> -<tr> - <td>Site ID:</td> - <td><input type=text name=site_id value=""></td> -</tr> -<tr> - <td>Your Email:</td> - <td><input type=text name=email value=""></td> -</tr> -<tr> -</tr> -<tr> - <td> </td> - <td> </td> -</tr> -<script language=javascript> -<!-- - if (navigator.appName == "Microsoft Internet Explorer") { - document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>'); - } ---> -</script> -<tr> - <td> -<script language=javascript> -<!-- - if (navigator.appName == "Microsoft Internet Explorer") { - document.writeln('<input type=hidden name=csr_type value="pkcs10">'); - document.writeln('<input type=submit Name=Send value="Submit">'); - } else { - document.writeln('<input type=hidden name=csr_type value="crmf">'); - document.writeln('<input type=submit name=Submit value="Submit">'); - } ---> -</script> - </td> - <td></td> -</tr> -</table> -</center> -<input type=hidden name="csr" value=""> -<SCRIPT LANGUAGE=VBS> -<!-- -FindProviders - -Function FindProviders - Dim i, j - Dim providers() - i = 0 - j = 1 - Dim el - Dim temp - Dim first - Dim TheForm - Set TheForm = document.enrollment - On Error Resume Next - first = 0 - - Dim osVersion - Dim result - osVersion = GetOSVersion() - - If osVersion <> 6 Then 'Not Vista - Do While True - temp = "" - Enroll.providerType = j - temp = Enroll.enumProviders(i,0) - If Len(temp) = 0 Then - If j < 1 Then - j = j + 1 - i = 0 - Else - Exit Do - End If - Else - set el = document.createElement("OPTION") - el.text = temp - el.value = j - If temp = "Microsoft Base Cryptographic Provider v1.0" Then - first = i - End If - TheForm.cryptprovider.add(el) - If first = 0 Then - first = 1 - TheForm.cryptprovider.selectedIndex = 0 - Else - TheForm.cryptprovider.selectedIndex = first - End If - i = i + 1 - End If - Loop - Else 'Vista - - Dim csps - Set csps = g_objClassFactory.CreateObject("X509Enrollment.CCspInformations") - If IsObject(csps) = False Then - result = MsgBox("Can't create CSP List Object! " & " Error: " & Err.number & " :" & Err.description,0,"") - Exit Function - - End If - csps.AddAvailableCsps() - 'result = MsgBox(csps.Count,0,"Number of CSPS") - - Dim curName - Dim csp - Dim selected - selected = 0 - For i = 0 to csps.Count-1 - - curName = csps.ItemByIndex(i).Name - If len(curName) > 0 Then - Set csp = document.createElement("OPTION") - csp.text = curName - csp.value = 1 - TheForm.cryptprovider.add(csp) - - If curName = "Microsoft Base Cryptographic Provider v1.0" Then - selected = i - End If - 'result = MsgBox(curName,0,"") - End If - Next -TheForm.cryptprovider.selectedIndex = selected - End If -End Function - ---> -</SCRIPT> -</form> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/footer.vm b/base/ra/apache/docroot/footer.vm deleted file mode 100644 index a596e45b1..000000000 --- a/base/ra/apache/docroot/footer.vm +++ /dev/null @@ -1,19 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - <div id="footer"> - </div> diff --git a/base/ra/apache/docroot/header.vm b/base/ra/apache/docroot/header.vm deleted file mode 100644 index 3824b87f3..000000000 --- a/base/ra/apache/docroot/header.vm +++ /dev/null @@ -1,26 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<div id="header"> - <a href="http://pki.fedoraproject.org" title="Visit pki.fedoraproject.org for more information"><img src="/pki/images/logo_header.gif" alt="Dogtag" id="myLogo" /></a> - <div id="headertitle"> - <a href="/" title="Dogtag homepage">Dogtag<sup><font size="-2">®</font></sup> Certificate System</a> - </div> - <div id="account"> - <dl><dt><span></span></dt><dd></dd></dl> - </div> -</div> diff --git a/base/ra/apache/docroot/index.cgi b/base/ra/apache/docroot/index.cgi deleted file mode 100755 index 0e643166b..000000000 --- a/base/ra/apache/docroot/index.cgi +++ /dev/null @@ -1,76 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - $::symbol{machineName} = $cfg->get("service.machineName"); - $::symbol{non_clientauth_securePort} = $cfg->get("service.non_clientauth_securePort"); - $::symbol{securePort} = $cfg->get("service.securePort"); - $::symbol{unsecurePort} = $cfg->get("service.unsecurePort"); - - my $result = $parser->execute_file("index.vm"); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%::symbol); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/index.vm b/base/ra/apache/docroot/index.vm deleted file mode 100644 index f17efb658..000000000 --- a/base/ra/apache/docroot/index.vm +++ /dev/null @@ -1,90 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA Services</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -Certificate System RA Services Page -</font><br> -<p> -</font> -<p> -<center> -<table border="0" cellspacing="0" cellpadding="0"> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="https://$machineName:$non_clientauth_securePort/ee/index.cgi">SSL End Users Services</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="https://$machineName:$securePort/agent/index.cgi">Agent Services</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="https://$machineName:$securePort/admin/index.cgi">Administrator Services</a></li> -</font> -</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ra/admin/console/config/adminauthenticatepanel.vm b/base/ra/apache/docroot/ra/admin/console/config/adminauthenticatepanel.vm deleted file mode 100644 index b27042cfb..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/adminauthenticatepanel.vm +++ /dev/null @@ -1,52 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -<h2>Authentication</h2> -<p> -The uid and password are used to authenticate to the master subsystem. These are the administrator's credential information for the master subsystem. -#if ($systemType != "tps") -<br/> -If authentication is successful, a cloned subsystem will retrieve the configuration information from the master one. -#end -<br/> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end - <table class="details"> - <tr> - <th>Uid:</th> - - <td><input type="text" size="40" name="uid" value="$uid"/></td> - </tr> - <tr> - <th>Password:</th> - - <td><input type="password" size="40" name="__password" value="$password" autocomplete="off"/></td> - </tr> - </table> -<p> diff --git a/base/ra/apache/docroot/ra/admin/console/config/adminpanel.vm b/base/ra/apache/docroot/ra/admin/console/config/adminpanel.vm deleted file mode 100644 index 3c32c4901..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/adminpanel.vm +++ /dev/null @@ -1,237 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT ID=Send_OnClick type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { -#if ($import == 'true' && $clone != 'clone') - var email = document.forms[0].email.value; - var name = document.forms[0].name.value; - var o = '$securityDomain'; - if (name == '') { - alert("Name is empty"); - return; - } - if (email == '') { - alert("Email is empty"); - return; - } - var dn = "cn=" + name + ",uid=admin,e="+email+",o="+o; - document.forms[0].subject.value = dn; - var keyGenAlg = "rsa-dual-use"; - - if (navigator.appName == "Netscape" && - typeof(crypto.version) != "undefined") { - - crmfObject = crypto.generateCRMFRequest( - dn, "regToken", "authenticator", null, - "setCRMFRequest();", 1024, null, keyGenAlg); - } else { - Send_OnClick(); - } -#else - with (document.forms[0]) { - submit(); - } -#end -} - -function setCRMFRequest() -{ - with (document.forms[0]) { - cert_request.value = crmfObject.request; - submit(); - } -} - -</SCRIPT> -<SCRIPT type="text/VBS"> -<!-- - -Sub Send_OnClick - Dim TheForm - Dim szName - Set TheForm = Document.f - - - ' Contruct the X500 distinguished name - szName = "CN=NAME" - - ' IE doesnt like the dn containing the O component - - On Error Resume Next - Enroll.HashAlgorithm = "MD5" - Enroll.KeySpec = 1 - - Enroll.providerType = 1 - Enroll.providerName = "Microsoft Base Cryptographic Provider v1.0" - - ' adding 2 to "GenKeyFlags" will enable the 'High Security' - ' (USER_PROTECTED) mode, which means IE will pop up a dialog - ' asking what level of protection the user would like to give - ' the key - this varies from 'none' to 'confirm password - ' every time the key is used' - Enroll.GenKeyFlags = 1 ' key PKCS12-exportable - szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - - theError = Err.Number - On Error Goto 0 - ' - ' If the user has cancelled things the we simply ignore whatever - ' they were doing ... need to think what should be done here - ' - If (szCertReq = Empty AND theError = 0) Then - Exit Sub - End If - If (szCertReq = Empty OR theError <> 0) Then - ' - ' There was an error in the key pair generation. The error value - ' is found in the variable 'theError' which we snarfed above before - ' we did the 'On Error Goto 0' which cleared it again. - ' - sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "The credentials could not be generated." - result = MsgBox(sz, 0, "Credentials Enrollment") - Exit Sub - End If - - TheForm.cert_request.Value = szCertReq - TheForm.cert_request_type.Value = "pkcs10" - TheForm.subject.Value = "cn=" & TheForm.name.Value & ",uid=" & TheForm.uid.Value & ",e=" & TheForm.email.Value & ",o=" & TheForm.securitydomain.Value - - TheForm.Submit - Exit Sub - -End Sub - ---> -</SCRIPT> - -<SCRIPT type="text/VBS"> -<!-- -FindProviders - -Function FindProviders - Dim i, j - Dim providers() - i = 0 - j = 1 - Dim el - Dim temp - Dim first - Dim TheForm - Set TheForm = document.f - On Error Resume Next - first = 0 - - Do While True - temp = "" - Enroll.providerType = j - temp = Enroll.enumProviders(i,0) - If Len(temp) = 0 Then - If j < 1 Then - j = j + 1 - i = 0 - Else - Exit Do - End If - Else - set el = document.createElement("OPTION") - el.text = temp - el.value = j - If temp = "Microsoft Base Cryptographic Provider v1.0" Then - first = j - End If - TheForm.cryptprovider.add(el) - If first = 0 Then - first = 1 - TheForm.cryptprovider.selectedIndex = 0 - Else - TheForm.cryptprovider.selectedIndex = first - End If - i = i + 1 - End If - Loop -End Function - ---> -</SCRIPT> -The administrator is a privileged user who manages this subsystem. Please enter the following relevant information, and a certificate request will be automatically generated and submitted. An administrator's entry will be created in the internal database and an administrator's certificate will be imported into this browser automatically in the next panel. -<br/> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -<br/> - <br/> - - <table class="details"> - <tr> - <th>UID:</th> -#if ($clone != 'clone') - <td><input type=text name=uid value="$admin_uid"></td> -#else - <td><input type=text name=uid value="$admin_uid" disabled="disabled"></td> -#end - </tr> - <tr> - <th>Name:</th> -#if ($clone != 'clone') - <td><input size=35 type=text name=name value="$admin_name"></td> -#else - <td><input size=35 type=text name=name value="$admin_name" disabled="disabled"></td> -#end - </tr> - <tr> - <th>Email:</th> -#if ($clone != 'clone') - <td><input size=35 type=text name=email value="$admin_email"></td> -#else - <td><input size=35 type=text name=email value="$admin_email" disabled="disabled"></td> -#end - </tr> - <tr> - <th>Password:</th> -#if ($clone != 'clone') - <td><input type="password" size="40" name="__pwd" value="$admin_pwd" autocomplete="off"/></td> -#else - <td><input type="password" size="40" name="__pwd" value="$admin_pwd" disabled="disabled" autocomplete="off"/></td> -#end - </tr> - <tr> - <th>Password (Again):</th> - -#if ($clone != 'clone') - <td><input type="password" size="40" name="__admin_password_again" value="$admin_pwd_again" autocomplete="off"/></td> -#else - <td><input type="password" size="40" name="__admin_password_again" value="$admin_pwd_again" disabled="disabled" autocomplete="off"/></td> -#end -<input type="hidden" name="cert_request" value=""/> -<input type="hidden" name="display" value=$displayStr /> -<input type="hidden" name="profileId" value="caAdminCert" /> -<input type="hidden" name="cert_request_type" value="crmf" /> -<input type="hidden" name="import" value=$import /> -<input type="hidden" name="uid" value="admin" /> -<input type="hidden" name="clone" value=$clone /> -<input type="hidden" name="securitydomain" value="$securityDomain" /> -<input type="hidden" name="subject" value="cn=x" /> - </tr> - </table> - <div align="right"> - <hr /> - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/agentauthenticatepanel.vm b/base/ra/apache/docroot/ra/admin/console/config/agentauthenticatepanel.vm deleted file mode 100644 index abb7678ae..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/agentauthenticatepanel.vm +++ /dev/null @@ -1,48 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -<h2>Authentication</h2> -<br/> -The uid and password are used to authenticate to the CA from which this subsystem's certificates are issued. Enter the uid and password of the Certificate Manager Agent who will approve the certificate requests. -<br/> -#if ($errorString != "") -<img alt="" src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end - <table class="details"> - <tr> - <th>Uid:</th> - - <td><input type="text" size="40" name="uid" value="$uid"/></td> - </tr> - <tr> - <th>Password:</th> - - <td><input type="password" size="40" name="__password" value="$password" autocomplete="off"/></td> - </tr> - </table> -<br/> diff --git a/base/ra/apache/docroot/ra/admin/console/config/authdbpanel.vm b/base/ra/apache/docroot/ra/admin/console/config/authdbpanel.vm deleted file mode 100644 index f2e0697e7..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/authdbpanel.vm +++ /dev/null @@ -1,66 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT LANGUAGE="JavaScript"> -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> - Please provide information about the LDAP server that will be used to authenticate the identity of end users. <a href="javascript: toggle_details();">[Details]</a> -<script> -function toggle_details() { - d = document.getElementById('details'); if (d.style.display == "block") { - d.style.display="none"; } else { - d.style.display="block"; - } } </script> -<div id=details style="display: none;"> <p> - In order for ESC to submit certificate requests to TPS, the end user's identity must first be verified. To accomplish this, an end user first sends a uid and password to TPS. TPS must then contact an LDAP server (e.g. - a corporate LDAP directory server) to verify this end user's identity. -<p> -If the end user's identity is successfully verified, TPS will establish an authenticated connection with this ESC, and begin accepting certificate requests and issuing certificates to this end user. -<p> -If, however, the end user's identity fails to be verified, TPS will not establish a connection with this ESC. TPS never issues certificates to unauthenticated end users. -</div> -<p> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -<p> - - <table class="details"> - <tr> - <th>Host:</th> - <td><input type="text" length="128" size="40" name="host" value="$hostname" /></td> - </tr> - - <tr> - <th>Port:</th> - - <td><input type="text" length="64" size="40" name="port" value="$portStr" /></td> - </tr> - <tr> - <th>Base DN:</th> - <td><input type="text" length="128" size="40" name="basedn" value="$basedn" /></td> - </tr> - </table> - - <div align="right"> - <hr /> - - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/cainfopanel.vm b/base/ra/apache/docroot/ra/admin/console/config/cainfopanel.vm deleted file mode 100644 index 933861a93..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/cainfopanel.vm +++ /dev/null @@ -1,55 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT LANGUAGE="JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} - -</SCRIPT> -A Certificate Authority (CA) is responsible for issuing different kinds of certificates. Select an HTTPS EE URL of a CA from the list below. -<p> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -<p> - <table class="details"> - <tr> - <th>URL:</th> - <td><select name="urls"> - #if ($urls_size != 0) - #set ($x=0) - #foreach ($p in $urls) - <option value="$x">$p</option> - #set ($x=$x+1) - #end - #end - </select> - </td> - </tr> - </table> - - - <div align="right"> - <hr /> - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/certchainpanel.vm b/base/ra/apache/docroot/ra/admin/console/config/certchainpanel.vm deleted file mode 100644 index 08bcc1331..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/certchainpanel.vm +++ /dev/null @@ -1,49 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -<b>Pretty Print of Certificates on this subsystem. -<p> -#foreach ($item in $ppcerts) -<H2>$item.getDN()</H2> -<table width=100%> -<tr bgcolor="#cccccc"> - <td width=20%><b>Certificate: $item.getNickname()</b></td> -</tr> - -<tr> - <td><textarea rows=24 cols=80 wrap="virtual" name=$item.getCertTag()>$item.getCertpp()</textarea></td> -</tr> -</table> -#end - - <br/> - - <div align="right"> - <hr /> - - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/certprettyprintpanel.vm b/base/ra/apache/docroot/ra/admin/console/config/certprettyprintpanel.vm deleted file mode 100644 index ac8da10ee..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/certprettyprintpanel.vm +++ /dev/null @@ -1,49 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -The following certificates were installed on this instance. -<p> -#foreach ($item in $ppcerts) -<H2>$item.getDN()</H2> -<table width=100%> -<tr bgcolor="#cccccc"> - <td width=20%><b>Certificate: $item.getNickname()</b></td> -</tr> - -<tr> - <td><textarea rows=24 cols=80 wrap="virtual" name=$item.getCertTag()>$item.getCertpp()</textarea></td> -</tr> -</table> -#end - - <br/> - - <div align="right"> - <hr /> - - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/certrequestpanel.vm b/base/ra/apache/docroot/ra/admin/console/config/certrequestpanel.vm deleted file mode 100644 index f1327db47..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/certrequestpanel.vm +++ /dev/null @@ -1,225 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<style type="text/css"> - -.floating { - position: absolute; - left: 250px; - top: 50px; - width: 600px; - padding: 3px; - border: solid; - border-width: 5px; - background: white; - display: none; - margin: 5px; -} -</style> -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} - -function showcert(element, event) -{ - var x = event.clientX; - var y = event.clientY; - - var content = element.getAttribute("content"); - var content_d = element.getAttribute("content_desc"); - - if (content == null) { return false; } - - var n = element.getAttribute("n"); - - var editableType = element.getAttribute("editableType"); - var desc; - var d; - var c; - if (editableType == "cert") - { - d = document.getElementById(n+"_editCertDiv"); - c = document.getElementById(n+"_text"); - desc = document.getElementById(n+"_desc_t"); - } else if (editableType == "certchain") { - d = document.getElementById(n+"_editCertChainDiv"); - c = document.getElementById(n+"_cc_text"); - desc = document.getElementById(n+"_cc_desc_t"); - } else { - d = document.getElementById(n+"_showCertDiv"); - c = document.getElementById(n+"_pre"); - desc = document.getElementById(n+"_desc_p"); - } - - if (desc.hasChildNodes()) - { - desc.removeChild(desc.childNodes[0]); - } - var content_desc = document.createTextNode(content_d); - desc.appendChild(content_desc); - - if (c.hasChildNodes()) - { - c.removeChild(c.childNodes[0]); - } - var content_text = document.createTextNode(content); - c.appendChild(content_text); - - d.style.left = x+30; // x-offset of floating div - assumedheight = 1000; - - var offset = 20; // extra y-offset of floating div - var bottom = y + offset + assumedheight; - if (bottom > window.innerHeight) { - offset = 0 - (2*offset) - assumedheight; - } - - d.style.top = y+ offset +document.body.scrollTop; - - // unhide the window - d.style.display ="block"; - -} - -function hide(tag) -{ - document.getElementById(tag+"_showCertDiv").style.display ="none"; - document.getElementById(tag+"_editCertDiv").style.display ="none"; - document.getElementById(tag+"_editCertChainDiv").style.display ="none"; -} - -</SCRIPT> -A certificate signing request (CSR) contains a public key and is an unsigned copy of the certificate. -<p> -If a given CSR has been successfully signed by a CA, then the certificate will be designated below by a certificate icon labeled Certificate Generated Successfully. -<p> -However, if a given CSR contains an <font color="red">action required</font> label under its certificate icon, then those requests must be <i>manually</i> submitted to a CA for certificate generation. -<p> -Press the [Apply] button after certificates and chains are pasted in. -<p> -Press the [Next] button once all certificates have been generated successfully. -<p> -#foreach ($item in $reqscerts) -<H2>$item.getDN()</H2> -<table width=100%> -<tr> - <td width=10%></td> - <td width=20%></td> - <td width=70%></td> -</tr> - -<tr> - <td> </td> -#if ($item.getCert() == "...paste certificate here...") - <td><font color=red>action required</font><br> -<img src="/pki/images/no-certificate.png"/></td> -#else - #if ($item.getCert() == "...certificate be generated internally...") -<td> - <img src="/pki/images/no-certificate.png"/><br> - certificate will be generated internally - </td> - #else - #if ($item.getCert() == "") - <td> -<img src="/pki/images/no-certificate.png"/><br> - No Certificate Generated. Please import.<br> - </td> - #else - <td> -<img src="/pki/images/certificate.png"/><br> - Certificate Generated Successfully - </td> - #end - #end -#end - -<td> - - -#if ($item.getCert() == "...paste certificate here...") -<a content="$item.getRequest()" content_desc="Copy the following Certificate Request (CSR) and paste it in the external CA enrollment page for enrollment" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> Step 1: Copy the Certificate Request (CSR) to enroll at an external CA</a><p> -<a content="" content_desc="Copy the base64-encoded PKCS #7 certificate chain into the text box below and press 'X'" n="$item.getCertTag()" editableType="certchain" href="#" onclick="showcert(this,event);"> Step 2: Import the PKCS #7 Certificate Chain (optional if the certificate already contains the chain)</a><p> -<a content="$item.getCert()" content_desc="Copy the resulting base64-encoded certificate (NOTE: PKCS #7 not accepted) into the text box below and press 'X'" n="$item.getCertTag()" editableType="cert" href="#" onclick="showcert(this,event);"> Step 3: Paste in the Base64-encoded Certificate after enrollment at an external CA (NOTE: this text box does not accept PKCS #7 certificate chains)</a><p> -#else - #if ($item.getCert() == "...certificate be generated internally...") -<p> - #else -<a content="$item.getRequest()" content_desc="Certificate Request (CSR)" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate Request (CSR)</a><p> -<a content="$item.getCert()" content_desc="Certificate in Base64 encoding" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate in Base64-Encoding</a><p> -<a content="$item.getCertpp()" content_desc="Certificate in pretty print" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate Pretty Print</a><p> - #end -#end - - -</td> -</tr> -</table> - -<div id="$item.getCertTag()_showCertDiv" class="floating"> -<div align="right" onclick="hide('$item.getCertTag()');">X</div> -<table id="$item.getCertTag()_stable" width="100%"> -<tr> -<td id="$item.getCertTag()_desc_p"></td> -</tr> -<tr> -<td><pre name="$item.getCertTag()" id="$item.getCertTag()_pre">$item.getCert()</pre></td> -</tr> -</table> -</div> - -<div id="$item.getCertTag()_editCertDiv" class="floating"> -<div align="right" onclick="hide('$item.getCertTag()');">X</div> -<table id="$item.getCertTag()_etable" width="100%"> -<tr> -<td id="$item.getCertTag()_desc_t"></td> -</tr> -<tr> -<td><textarea rows=30 cols=90 name="$item.getCertTag()" id="$item.getCertTag()_text" style="font-family: monospace;">$item.getCert()</textarea></td> -</tr> -</table> -</div> - -<div id="$item.getCertTag()_editCertChainDiv" class="floating"> -<div align="right" onclick="hide('$item.getCertTag()');">X</div> -<table id="$item.getCertTag()_cc_etable" width="100%"> -<tr> -<td id="$item.getCertTag()_cc_desc_t"></td> -</tr> -<tr> -<td><textarea rows=30 cols=90 name="$item.getCertTag()_cc" id="$item.getCertTag()_cc_text" style="font-family: monospace;"></textarea></td> -</tr> -</table> -</div> - - -#end - - <p> - - - <div align="right"> - <hr /> - - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/config_addhsm.vm b/base/ra/apache/docroot/ra/admin/console/config/config_addhsm.vm deleted file mode 100644 index 839cff56a..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/config_addhsm.vm +++ /dev/null @@ -1,96 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - -<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> - <head> - - <title>Dogtag Certificate System</title> -<SCRIPT LANGUAGE="JavaScript"> - function checkClose() { - if ('$status' == "update" && '$error' == '') { - window.close(); - } - } - -</SCRIPT> - - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - </head> - - - <body onLoad="checkClose();"><div id="wrap"><div id="wrap"> - -<div id="mainNavOuter"> -<div id="mainNav"> - -<div id="mainNavInner"> - - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<!-- close bar --> - - <div id="content"> - <table width="100%" cellspacing="0"> - <tr> - <td class="page-content" width="100%"> - <h1><img src="/pki/images/icon-software.gif" /> - Security Modules</h1> -Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure. -<p> -<H2>Registering a New Security Module</H2> -<form name=configForm action="config_addhsm" method="post"> -<p> -If the desired security module is not listed, it is possible that this security module's PKCS #11 library was not registered with the system. Please register a new security module here. -<table> -<tr> - <td> -Library Path: <input type=text name="modulePath" value=""> - </td> -</tr> -<tr> - <td> -Module Name: <input type=text name="moduleName" value=""> - </td> -<tr> -</tr> -</table> -<p> -<table width=100%> -<tr bgcolor="#eeeeee"> - <td> -<input onclick="configForm.submit()" type=button name=config_addhsm_next value="Apply"> - </td> -</tr> -</table> -</form> - </td> - </tr> - </table> - - </div> <!-- close content --> - </div> <!-- close wrap --> - - </body> -</html> diff --git a/base/ra/apache/docroot/ra/admin/console/config/config_db.vm b/base/ra/apache/docroot/ra/admin/console/config/config_db.vm deleted file mode 100644 index 10e1cd2dc..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/config_db.vm +++ /dev/null @@ -1,126 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - -<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> - <head> - - <title>Dogtag Certificate System</title> - -<SCRIPT LANGUAGE="JavaScript"> - function donePanel(errorStr, displayS) { - if (displayS == "loaded") { - if (errorStr == '') { - window.close(); - } - } - } -</SCRIPT> - - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - </head> - - - <body onLoad="donePanel('$errorString', '$displayStr')"> -<div id="wrap"> -#include ( "admin/console/config/header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> - -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - -<!-- close bar --> - - <div id="content"> - <table width="100%" cellspacing="0"> - <tr> - <td width="100%"> - <h1><img src="/pki/images/icon-software.gif" /> - Internal Database </h1> - - <form name=configForm action="config_db" method="post"> - <b>Internal Database Connection</b> <p>This option allows sharing an internal database to improve managability.<p> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end - <table class="details"> - <tr> - <th>Host:</th> - - <td><input type="text" length="128" size="40" name="host" value="$hostname" /></td> - </tr> - - <tr> - <th>Port:</th> - - <td><input type="text" length="64" size="40" name="port" value="$portStr" /></td> - </tr> - <tr> - <th>Base DN:</th> - <td><input type="text" length="128" size="40" name="basedn" value="$basedn" /></td> - </tr> - <tr> - <th>Database:</th> - - <td><input type="text" length="128" size="40" name="database" value="$database" /></td> - </tr> - <tr> - <th>Bind DN:</th> - <td><input type="text" length="128" size="40" name="binddn" value="$binddn" /></td> - </tr> - <tr> - <th>Bind Password:</th> - - <td><input type="password" length="128" size="40" name="__bindpwd" value="$bindpwd" autocomplete="off" /></td> - </tr> - <td><input type="hidden" name="display" value=$displayStr /></td> - </table> - - <div align="right"> - <hr /> - - </div> - - -<p> -<table width=100%> -<tr bgcolor="#eeeeee"> - <td> -<input onclick="configForm.submit()" type="button" name="config_db_next" value="Apply"> - </td> -</tr> -</table> - - </form> - - </td> - </tr> - </table> - - </div> <!-- close content --> - </div> <!-- close wrap --> - - </body> -</html> diff --git a/base/ra/apache/docroot/ra/admin/console/config/config_hsm.vm b/base/ra/apache/docroot/ra/admin/console/config/config_hsm.vm deleted file mode 100644 index 8812c5b36..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/config_hsm.vm +++ /dev/null @@ -1,176 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - -<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> - <head> - - <title>Dogtag Certificate System</title> -<SCRIPT LANGUAGE="JavaScript"> - function checkClose() { - if ('$status' == "update" && '$error' == '') { - window.close(); - } - } - -</SCRIPT> - - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - </head> - - - <body onLoad="checkClose();"><div id="wrap"> - -<div id="mainNavOuter"> -<div id="mainNav"> - -<div id="mainNavInner"> - -#include ( "admin/console/config/topmenu.vm" ) - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<!-- close bar --> - - <div id="content"> - <table width="100%" cellspacing="0"> - <tr> - <td width="100%"> - <h1><img src="/pki/images/icon-software.gif" /> - Security Modules </h1> - -<form name=configForm action="config_hsm" method="post"> - -Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure. Please make sure that at least one security module is listed below. -<p> -<H2>Supported Security Modules</H2> -<table width=100%> -<tr bgcolor="#cccccc"> - <td width=20%><b>Module/Token</b></td> - <td width=10%><b>Status</b></td> - <td width=10%><b>Default</b></td> - <td width=10%><b>Operations</b></td> -</tr> -#foreach ($module in $sms) -<tr bgcolor="#eeeeee"> - <td><img src=$module.getImagePath()><br>$module.getUserFriendlyName()</td> - <td> - #if ($module.isFound()) - Found - #else - Not Found - #end - </td> - <td></td> - <td></td> -</tr> -#foreach ($token in $module.getTokens()) -<tr> - <td>- $token.getNickName()</td> - <td> - #if ($token.isLoggedIn()) - Logged In - #else - Not logged In - #end - </td> - <td> - #if ($defTok == $token.getNickName()) - <input checked type=radio name="choice" value="$token.getNickName()"> - #else - <input type=radio name="choice" value="$token.getNickName()"> - #end - </td> - <td></td> -</tr> -#end -#end - -</table> -<H2>Other Security Modules</H2> -<h3>The security modules listed below are modules found by the server but not recognized as one of the supported modules. If the user believes that any listed modules below should have been supported, please check the "CS.cfg" configuration file to see if there is a name mismatch and adjust this accordingly.</h3> -<table width=100%> -<tr bgcolor="#cccccc"> - <td width=20%><b>Module/Token</b></td> - <td width=10%><b>Status</b></td> - <td width=10%><b>Default</b></td> - <td width=10%><b>Operations</b></td> -</tr> -#foreach ($module in $oms) -<tr bgcolor="#eeeeee"> - <td>$module.getUserFriendlyName()</td> - <td> - #if ($module.isFound()) - Found - #else - Not Found - #end - </td> - <td></td> - <td></td> -</tr> -#foreach ($token in $module.getTokens()) -<tr> - <td>- $token.getNickName()</td> - <td> - #if ($token.isLoggedIn()) - Logged In - #else - Not logged In - #end - </td> - <td> - #if ($defTok == $token.getNickName()) - <input checked type=radio name="choice" value="$token.getNickName()"> - #else - <input type=radio name="choice" value="$token.getNickName()"> - #end - </td> - <td></td> -</tr> -#end -#end - -</table> - - </td> -</tr> -</table> -<p> -<table width=100%> -<tr bgcolor="#eeeeee"> - <td> -<input onclick="configForm.submit()" type=button name=config_hsm value="Apply"> - </td> -</tr> -</table> -</form> - </td> - </tr> - </table> - - </div> <!-- close content --> - </div> <!-- close wrap --> - - </body> -</html> diff --git a/base/ra/apache/docroot/ra/admin/console/config/config_hsmloginpanel.vm b/base/ra/apache/docroot/ra/admin/console/config/config_hsmloginpanel.vm deleted file mode 100644 index 46d8ae0ea..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/config_hsmloginpanel.vm +++ /dev/null @@ -1,83 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT LANGUAGE="JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> - <h1> - Security Modules Login Panel</h1> -Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure. -<p> -<H2>Security Token Login</H2> -<form name=configHSMLoginForm action="config_hsmlogin" method="post"> -<p> -The user has chosen to login to the following security module: <b>$SecToken</b> -<p> -#if ($status == "alreadyLoggedIn") - Token already logged in. -#else - #if ($status == "tokenPasswordNotInitialized") - Token password not initialized. - #else - #if ($status == "justLoggedIn") - Token logged in successfully. - #else -<table> -<tr> - <td> -Security Module Token Name: <b><input type=text name="uTokName" value="$SecToken"></b> - </td> -</tr> -<tr> - <td> -Security Module Token Password: <input type=password name="__uPasswd" value="" autocomplete="off"> - </td> -<tr> -</tr> -</table> -<p> - #end - #end -#end - -<table width=100%> -<tr bgcolor="#eeeeee"> - <td> - - </td> -</tr> -</table> - </td> - </tr> - </table> - - <p> - - <div align="right"> - <hr /> - - </div> - - diff --git a/base/ra/apache/docroot/ra/admin/console/config/config_join.vm b/base/ra/apache/docroot/ra/admin/console/config/config_join.vm deleted file mode 100644 index d5adb78f3..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/config_join.vm +++ /dev/null @@ -1,125 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - -<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> - <head> - - <title>Dogtag Certificate System</title> - - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - </head> - -<SCRIPT LANGUAGE="JavaScript"> - function checkClose() { - if ('$status' == "update" && '$error' == '') { - window.close(); - } - } -</SCRIPT> - - - <body onLoad="checkClose();"> -<div id="wrap"> - -#include ( "admin/console/config/header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> - -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - -<!-- close bar --> - - <div id="content"> - <table width="100%" cellspacing="0"> - <tr> - <td width="100%"> - <h1><img src="/pki/images/icon-software.gif" /> - Join the PKI Network </h1> - -To join this PKI network, the setup wizard needs to submit the certificate request to a Root or another subordinate CA for signing. - <p> - <form action="config_join" method="post" name="f"> - -<input type=radio $check_manual name="choice" value="manual">Manually submit this request to a CA. -<p> -<table width=100%> -<tr> - <td width=50%>Certificate Request to a CA:</td> - <td>Certificate Chain From a CA:</td> - </td> -</tr> -<tr> - <td> -<textarea rows=8 cols=40 name="req">$certreq</textarea> - </td> - <td> -<textarea rows=8 cols=40 name="cert">$cert</textarea> - </td> -</tr> -</table> -<p> -<input type=radio $check_auto name="choice" value="auto">Automatically submit the request to a Dogtag Certificate Authority -<br> - <table class="details"> - <tr> - <th width=10%>URL:</th> - <td><input type="text" length="128" size="40" name="url" value="https://localhost" /></td> - </tr> - - <tr> - <th>UID:</th> - <td><input type="text" length="64" size="40" name="uid" value="agent" /></td> - </tr> - <tr> - <th>Password:</th> - <td><input type="password" length="64" size="40" name="__pwd" value="" autocomplete="off" /></td> - </tr> - </table> -<p> - - <div align="right"> - <hr /> - </div> - - </form> - -<p> -<table width=100%> -<tr bgcolor="#eeeeee"> - <td> -<input onclick="javascript: document.f.submit();" type=button name=next value="Apply"> - </td> -</tr> -</table> - </td> - </tr> - </table> - - </div> <!-- close content --> - </div> <!-- close wrap --> - - </body> -</html> diff --git a/base/ra/apache/docroot/ra/admin/console/config/config_rootca.vm b/base/ra/apache/docroot/ra/admin/console/config/config_rootca.vm deleted file mode 100644 index 4cf5ea946..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/config_rootca.vm +++ /dev/null @@ -1,113 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - -<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> - <head> - - <title>Dogtag Certificate System</title> - - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - </head> - -<SCRIPT LANGUAGE="JavaScript"> - function checkClose() { - if ('$status' == "update" && '$error' == '') { - window.close(); - } - } -</SCRIPT> - - - <body onLoad="checkClose();"> -<div id="wrap"> - -#include ( "admin/console/config/header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> - -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - -<!-- close bar --> - - <div id="content"> - <table width="100%" cellspacing="0"> - <tr> - <td width="100%"> - <h1><img src="/pki/images/icon-software.gif" /> - Root CA </h1> - -A Root CA provides a set of predefined signing capabilities. Please select the capabilities that this CA needs to provide. - <p> - -<form name="f" action="config_rootca" method="post"> - -<H2>CA Certificate Profile</H2> - -<p> - <table class="details"> - <tr> - <th width=10%>Profile:</th> - - <td><select name="profile"> -#foreach ($p in $profiles) -#if ($p.getID() == $selected_profile_id) - <option selected value="$p.getID()">$p.getName()</option> -#else - <option value="$p.getID()">$p.getName()</option> -#end -#end - </select> - </td> - </tr> - </table> -<p> - - <div align="right"> - <hr /> - - </div> - - </form> - -<p> -<table width=100%> -<tr bgcolor="#eeeeee"> - <td> -<input onclick="javascript: document.f.submit()" type=button name=next value="Apply"> - </td> -</tr> -</table> - - - </td> - </tr> - </table> - - </div> <!-- close content --> - </div> <!-- close wrap --> - - </body> -</html> diff --git a/base/ra/apache/docroot/ra/admin/console/config/createsubsystempanel.vm b/base/ra/apache/docroot/ra/admin/console/config/createsubsystempanel.vm deleted file mode 100644 index feee8962f..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/createsubsystempanel.vm +++ /dev/null @@ -1,95 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -<h2>Subsystem Configuration</h2> -<p> -This instance can be configured as a new $systemname subsystem. -<br/> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -<br/> -<b><input $check_newsubsystem type=radio name=choice value="newsubsystem"> Configure this Instance as a New $systemname Subsystem </b> -<br/> - <table class="details"> - <tr> - <th>Subsystem Name: </th> - <td><input type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname)</td> - </tr> - <tr> - <th>Subsystem HTTP URL (unsecure): </th> - <td>http://$machineName:$http_port</td> - </tr> - <tr> - <th>Subsystem HTTPS URL (clientauth): </th> - <td>https://$machineName:$https_port</td> - </tr> - <tr> - <th>Subsystem HTTPS URL (non-clientauth): </th> - <td>https://$machineName:$non_clientauth_https_port</td> - </tr> - </table> -<p> -#if ($disableClone) -<b><input $check_clonesubsystem type=radio name=choice value="clonesubsystem" disabled="disabled"> Clone an Existing $systemname Subsystem </b> -#else -<b><input $check_clonesubsystem type=radio name=choice value="clonesubsystem"> Clone an Existing $systemname Subsystem </b> -#end -<br/> - <table class="details"> - <tr> - <th>Subsystem Name: </th> -#if ($disableClone) - <td><input disabled="disabled" type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname - Clone 1)</td> -#else - <td><input type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname - Clone 1)</td> -#end - </tr> - <tr> - <th>Subsystem URL: </th> -#if ($disableClone) - <td><select name="urls" disabled="disabled"> -#else - <td><select name="urls"> -#end - #if ($urls_size != 0) - #set ($x=0) - #foreach ($p in $urls) - <option value="$x">$p</option> - #set ($x=$x+1) - #end - #else - <option selected value="none">NONE</option> - #end - </select> - </td> - </tr> - </table> -<br/> diff --git a/base/ra/apache/docroot/ra/admin/console/config/databasepanel.vm b/base/ra/apache/docroot/ra/admin/console/config/databasepanel.vm deleted file mode 100644 index a887176ab..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/databasepanel.vm +++ /dev/null @@ -1,53 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -An SQL Lite database will be created to store RA internal information. -<SCRIPT type="text/JavaScript"> -function toggle_details() -{ - d = document.getElementById('details'); - if (d.style.display == "block") { - d.style.display="none"; - } else { - d.style.display="block"; - } -} -</script> -<div id=details style="display: none;"> -<p> -</div> -<p> -<br/> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -<br/> - <div align="right"> - <hr /> - - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/displaycertchain2panel.vm b/base/ra/apache/docroot/ra/admin/console/config/displaycertchain2panel.vm deleted file mode 100644 index eff21eca4..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/displaycertchain2panel.vm +++ /dev/null @@ -1,41 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT LANGUAGE="JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -<p> -A certificate chain is a list of all certificates chained up to the root. -<p> -If the entire certificate chain is displayed below, click the Next button to import it into this subsystem. This certificate chain will then be trusted for this instance. -<p> -If no certificate chain is listed below, simply click the Next button to move on to the next panel. -<p> -<pre> -$certchain -</pre> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end diff --git a/base/ra/apache/docroot/ra/admin/console/config/displaycertchainpanel.vm b/base/ra/apache/docroot/ra/admin/console/config/displaycertchainpanel.vm deleted file mode 100644 index d5e32263a..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/displaycertchainpanel.vm +++ /dev/null @@ -1,41 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -<br/> -A certificate chain is a list of all certificates chained up to the root. -<br/> -If a certificate chain is displayed below, click the Next button to trust this certificate chain for this instance. -<br/> -If no certificate chain is listed below, simply click the Next button to move on to the next panel. -<br/> -<pre> -$certchain -</pre> -#if ($errorString != "") -<img alt="" src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end diff --git a/base/ra/apache/docroot/ra/admin/console/config/donepanel.vm b/base/ra/apache/docroot/ra/admin/console/config/donepanel.vm deleted file mode 100644 index dcfe08ed4..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/donepanel.vm +++ /dev/null @@ -1,41 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -<input type="hidden" name="host" value=$host /> -<input type="hidden" name="port" value=$port /> -<input type="hidden" name="systemType" value=$systemType /> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -As 'root', restart the server on the command line by typing "$restartCommand". After performing this restart, the server should become operational. -<br/> -Please go to the <A href="https://$host:$non_clientauth_port"><b>services page</b></A> to access all of the available interfaces. -<br/> -<br/> -To create additional instances, type "/usr/bin/pkicreate" on the command line. -<br/> diff --git a/base/ra/apache/docroot/ra/admin/console/config/drminfopanel.vm b/base/ra/apache/docroot/ra/admin/console/config/drminfopanel.vm deleted file mode 100644 index c26f3c0c2..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/drminfopanel.vm +++ /dev/null @@ -1,56 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT LANGUAGE="JavaScript"> -function performPanel() { - with (document.forms[0]) { - submit(); - } -} - -</SCRIPT> -A Data Recovery Manager (DRM) is responsible for server-side key generation, archival, and recovery. If server-side key generation is not needed, this step can be skipped. -<p> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -<p> -#end -<b><input checked type=radio name=choice value="keygen"> Connect this instance to an HTTPS Agent URL of a DRM to support server-side key generation.</b> -<p> -<p> - <table class="details"> - <tr> - <th>URL:</th> - <td><select name="urls"> - #if ($urls_size != 0) - #set ($x=0) - #foreach ($p in $urls) - <option value="$x">$p</option> - #set ($x=$x+1) - #end - #end - </select> - </td> - </tr> - </table> - <div align="right"> - <hr /> - </div> -<p> -<b><input type=radio name=choice value="nokeygen"> Configure this instance to NOT support server-side key generation.</b> -<p> diff --git a/base/ra/apache/docroot/ra/admin/console/config/footer.vm b/base/ra/apache/docroot/ra/admin/console/config/footer.vm deleted file mode 100644 index 22d7213ba..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/footer.vm +++ /dev/null @@ -1,20 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - - <div id="footer"> - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/header.vm b/base/ra/apache/docroot/ra/admin/console/config/header.vm deleted file mode 100644 index e653da5c1..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/header.vm +++ /dev/null @@ -1,26 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<div id="header"> - <a href="http://pki.fedoraproject.org" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="/pki/images/logo_header.gif" alt="Dogtag" id="myLogo" /></a> - <div id="headerpaddedtitle"> - <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">®</font></sup> Certificate System</a> - </div> - <div id="account"> - </div> -</div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/hierarchypanel.vm b/base/ra/apache/docroot/ra/admin/console/config/hierarchypanel.vm deleted file mode 100644 index 41cba696d..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/hierarchypanel.vm +++ /dev/null @@ -1,80 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { - setURL(); -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -<h2>PKI Hierarchy</h2> -<p> -This CA instance can be either a Self-Signed Root CA or a Subordinate CA. <a href="javascript:toggle_details();">[Details]</a> -<script> -function toggle_details() -{ - d = document.getElementById('details'); - if (d.style.display == "block") { - d.style.display="none"; - } else { - d.style.display="block"; - } -} - -function setURL() { - var cbox = document.forms[0].elements['urls']; - if (document.forms[0].choice[0].checked) { - cbox.disabled = "disabled"; - } else { - cbox.disabled = ""; - } -} - -</script> - -<div id=details style="display: none;"> -<p> -The PKI hierarchy establishes the trust relationships between this CA instance and the other PKI instances within this security domain. A CA can be chained under an internal CA, or alternatively, it can be chained under a public or an external CA. -</div> - -<p> -<b><input $check_root type=radio name=choice value="root" onChange="setURL();"> Make this a Self-Signed Root CA within this new PKI hierarchy. <img alt="" src="/pki/images/rootca.gif"></b> -<p> -<b><input $check_join type=radio name=choice value="join" onChange="setURL();"> Make this a subordinate CA of another CA. <img alt="" src="/pki/images/sub.gif"></b> - - <table class="details"> - <tr> - <th>URL:</th> - <td><select name="urls"> - #if ($urls.size() > 0) - #set ($x=0) - #foreach ($p in $urls) - <option value="$x">$p</option> - #set ($x=$x+1) - #end - #end - </select> - </td> - </tr> - </table> -<p> diff --git a/base/ra/apache/docroot/ra/admin/console/config/importadmincertpanel.vm b/base/ra/apache/docroot/ra/admin/console/config/importadmincertpanel.vm deleted file mode 100644 index 37df00c02..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/importadmincertpanel.vm +++ /dev/null @@ -1,56 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT ID=ImportCertificate_OnClick LANGUAGE="JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -An administrator's certificate has been created and imported into this browser. This certificate is used to access the agent interface of this subsystem. -<p> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -<font color="red">$info</font> -<p> - <p> - - <table class="details"> - <tr> -#if ($ca == 'true' && $import == 'true') -<iframe scrolling=no frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true"></iframe> -#else -#if ($caType == 'ca' && $import == 'true') -<iframe scrolling=no frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true"></iframe> -#else -<iframe scrolling=no frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true"></iframe> -#end -#end -<input type="hidden" name="serialNumber" value=$serialNumber /> -<input type="hidden" name="caHost" value=$caHost /> -<input type="hidden" name="caPort" value=$caPort /> - </tr> - </table> - <div align="right"> - <hr /> - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/login.vm b/base/ra/apache/docroot/ra/admin/console/config/login.vm deleted file mode 100644 index 14593ad9c..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/login.vm +++ /dev/null @@ -1,110 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - -<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> - <head> - - <title>Certificate System</title> - - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - </head> - - - <body><div id="wrap"> - -#include ( "ra/admin/console/config/header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> - -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> -<!-- close bar --> - - <div id="content"> - <table width="100%" cellspacing="0"> - <tr> - <td class="sidebar"> - - </td> - <td class="page-content" width="100%"> - <h1><img src="/pki/images/icon-software.gif" /> - Login</h1> - -A one time random pin has been generated during setup to protect unauthorized access to this configuration wizard. This pin has been stored in the "CS.cfg" configuration file as the value of the 'preop.pin' parameter. Please enter this pin to continue. - - <p> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end - <p> - <form name="f" action="login" method="post"> - - <table class="details"> - <tr> - <th>PIN:</th> - <td><input type=password name="pin"></td> - </tr> - </table> - <div align="right"> - <hr /> - </div> - </form> - -<p> -<table width=100%> -<tr bgcolor="#eeeeee"> -<td align=right> -<input type=button onclick="javascript: document.f.submit();" name=login value="Login"> -</td> -</tr> -</table> - - - </td> - </tr> - </table> - - </div> <!-- close content --> - </div> <!-- close wrap --> - -#include ( "ra/admin/console/config/footer.vm" ) - </body> -</html> diff --git a/base/ra/apache/docroot/ra/admin/console/config/modulepanel.vm b/base/ra/apache/docroot/ra/admin/console/config/modulepanel.vm deleted file mode 100644 index cb9a1eaf8..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/modulepanel.vm +++ /dev/null @@ -1,158 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -Two lists of security modules are provided below. The <b>Supported Security Modules</b> list consists of both software-based and hardware-based security modules that this PKI solution supports, while the <b>Other Security Modules</b> list consists of any other security modules found by this PKI subsystem that are not recognized as one of the supported security modules. <a href="javascript:toggle_details();">[Details]</a> -<SCRIPT type="text/JavaScript"> -function toggle_details() -{ - d = document.getElementById('details'); - if (d.style.display == "block") { - d.style.display="none"; - } else { - d.style.display="block"; - } -} -</script> -<div id=details style="display: none;"> -<br/> -Key pairs for this instance will be generated and stored on a device called a security module. -<br/> -A <b><i>key pair</i></b> consists of a public key and a private key. A <b><i>private key</i></b> is a secret entity which is never exposed to the public, will generally be protected via a security module, and is commonly referred to simply as the <b><i>key</i></b>. A <b><i>public key</i></b> is open, distributable, and while it may also be stored on a security module, it is not protected by this device. A public key, once signed by a CA, is more generally referred to as a <b><i>certificate</i></b>. -<br/> -<b><i>Security modules</i></b> can be either hardware-based or software-based. Although hardware-based security modules provide more security for the secret, or private portion of this key, they must be obtained from a third-party vendor and installed prior to deployment of this PKI solution. For this particular PKI implementation, a software-based FIPS 140-1 security module has been included. -<br/> -Before any security module solution can be used, a user must first always be authenticated to this security module via a token. To support this, each security module consists of one or more <b><i>slots</i></b>. For hardware-based security modules, a slot often consists of one or more physical contact points to the device itself (e.g. - a card reader or USB receptacle), while for software-based security modules, these may be thought of as merely a functional entry point into the software. -<br/> -Finally, a <b><i>token</i></b> (often generically referred to as a <b><i>smartcard</i></b>), which contains the actual key material, interfaces with the security module via a slot. For hardware-based security modules, this may be something like a physical card containing a chip, or a USB device that can be physically inserted into a USB slot. For software-based security modules, this can be thought of as an entry in a database. In the case of both hardware-based as well as software-based security modules, a password is the most commonly used method to complete this authentication. -<br/> -Since a security module may consist of slots for one or more tokens, the user must be successfully authenticated to each token of the chosen security module before this configuration can continue. -</div> -<br/> -<H2>Supported Security Modules</H2> -<table width=100%> -<tr bgcolor="#cccccc"> - <td width=20%><b>Module/Token</b></td> - <td width=10%><b>Status</b></td> - <td width=10%><b>Default</b></td> - <td width=10%><b>Operations</b></td> -</tr> -#foreach ($module in $sms) -<tr bgcolor="#eeeeee"> - <td><img alt="" src=$module.getImagePath()><br>$module.getUserFriendlyName()</td> - <td> - #if ($module.isFound()) - Found - #else - Not Found - #end - </td> - <td></td> - <td></td> -</tr> -#foreach ($token in $module.getTokens()) -<tr> - <td>- $token.getNickName()</td> - <td> - #if ($token.isLoggedIn()) - Logged In - #else - Not logged In - #end - </td> - <td> - #if ($token.isLoggedIn()) - #if ($defTok == $token.getNickName()) - <input checked type=radio name="choice" value="$token.getNickName()"> - #else - <input type=radio name="choice" value="$token.getNickName()"> - #end - #end - </td> - <td> - #if (!$token.isLoggedIn()) -<a href="wizard?p=$subpanelno&SecToken=$token.getNickName()">Login</a> - #end -</td> -</tr> -#end -#end - -</table> -<H2>Other Security Modules</H2> -<h3>The security modules listed below are modules found by the server but not recognized as one of the supported modules. If the user believes that any listed modules below should have been supported, please check the "CS.cfg" configuration file to see if there is a name mismatch and adjust this accordingly.</h3> -<table width=100%> -<tr bgcolor="#cccccc"> - <td width=20%><b>Module/Token</b></td> - <td width=10%><b>Status</b></td> - <td width=10%><b>Default</b></td> - <td width=10%><b>Operations</b></td> -</tr> -#foreach ($module in $oms) -<tr bgcolor="#eeeeee"> - <td>$module.getUserFriendlyName()</td> - <td> - #if ($module.isFound()) - Found - #else - Not Found - #end - </td> - <td></td> - <td></td> -</tr> -#foreach ($token in $module.getTokens()) -<tr> - <td>- $token.getNickName()</td> - <td> - #if ($token.isLoggedIn()) - Logged In - #else - Not logged In - #end - </td> - <td> - #if ($defTok == $token.getNickName()) - <input checked type=radio name="choice" value="$token.getNickName()"> - #else - <input type=radio name="choice" value="$token.getNickName()"> - #end - </td> - <td></td> -</tr> -#end -#end - -</table> - - - <br/> - - <div align="right"> - <hr /> - - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/namepanel.vm b/base/ra/apache/docroot/ra/admin/console/config/namepanel.vm deleted file mode 100644 index 071b523a9..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/namepanel.vm +++ /dev/null @@ -1,91 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -Each certificate associated with this instance needs to have a unique name within the PKI hierarchy. The following information will be used to generate these unique names. Each certificate will be stored in the security module using a unique nickname. <a href="javascript:toggle_details();">[Details]</a> -<SCRIPT type="text/JavaScript"> -function toggle_details() -{ - d = document.getElementById('details'); - if (d.style.display == "block") { - d.style.display="none"; - } else { - d.style.display="block"; - } -} -</script> - -<div id=details style="display: none;"> -<p> -Each unique name, called the certificate's subject name, is referenced as the distinguished name (DN). A DN may be composed of multiple comma separated name=value fields. -<br/> -</div> - - <p> -#if ($errorString != "") -<img alt="" src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -<br/> -#foreach ($item in $certs) -<H2>$item.getUserFriendlyName()</H2> - - <table class="details"> - <tr> - <th>DN:</th> - <td><input type="text" size="70" name="$item.getCertTag()" value="$item.getDN()"/></td> - </tr> - <tr> - <th>Nickname:</th> - <td><input type="text" size="70" name="$item.getCertTag()_nick" value="$item.getNickname()"/></td> - </tr> - </table> -<p> -#end -<p> -<hr> -<p> -Please select the CA to submit these system certificate requests: -<p> - <table class="details"> - <tr> - <th>URL:</th> - <td><select name="urls"> - #if ($urls_size != 0) - #set ($x=0) - #foreach ($p in $urls) - <option value="$x">$p</option> - #set ($x=$x+1) - #end - #end - </select> - </td> - </tr> - </table> - - <div align="right"> - <hr /> - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/securitydomainloginpanel.vm b/base/ra/apache/docroot/ra/admin/console/config/securitydomainloginpanel.vm deleted file mode 100644 index 58ace3f68..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/securitydomainloginpanel.vm +++ /dev/null @@ -1,109 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - -<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> - <head> - - <title>Dogtag Certificate System</title> - - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> -<META http-equiv=Content-Type content="text/html; charset=UTF-8"> - </head> - - -<div id="wrap"> -<div id="header"> - <a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag"><img src="/pki/images/logo_header.gif" alt="Dogtag" id="myLogo" /></a> - <div id="headerpaddedtitle"> - <a href="/" title="Dogtag">Dogtag<sup><font size="-2">®</font></sup> Certificate System</a> - </div> - <div id="account"> - <dl><dt><span></span></dt><dd></dd></dl> - </div> -</div> - -<div id="mainNavOuter"> -<div id="mainNav"> - -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - -<!-- close bar --> - - <div id="content"> - <table width="100%" cellspacing="0"> - <tr> - <td width="100%"> - <h1><img src="/pki/images/icon-software.gif" /> - Security Domain ($name) Login </h1> - - <form name=sdForm action="getCookie" method="post"> - <p>The Enterprise $subsystem Administrator will register this $subsystem Subsystem located at $host under this Security Domain located at $sdhost. The credential information will be provided to the Security Domain for authentication.<p> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end - <table class="details"> - <tr> - <th>Uid:</th> - - <td><input type="text" length="128" size="40" name="uid" value="$sd_uid" /></td> - </tr> - - <tr> - <th>Password:</th> - - <td><input type="password" length="64" size="40" name="pwd" value="$sd_pwd" autocomplete="off" /></td> - </tr> -<input type=hidden name=url value="$url"> - - </table> - - <div align="right"> - <hr /> - - </div> - - -<p> -<table width=100%> -<tr bgcolor="#eeeeee"> - <td> -<div align="right"> -<input onclick="sdForm.submit()" type="button" name="sd_next" value="Login"> -</div> - </td> -</tr> -</table> - - </form> - - </td> - </tr> - </table> - - </div> <!-- close content --> - </div> <!-- close wrap --> - - </body> -</html> diff --git a/base/ra/apache/docroot/ra/admin/console/config/securitydomainpanel.vm b/base/ra/apache/docroot/ra/admin/console/config/securitydomainpanel.vm deleted file mode 100644 index 39c3af992..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/securitydomainpanel.vm +++ /dev/null @@ -1,115 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -<h2>$panelname</h2> -<br/> -A security domain is a registry for all of the PKI services within an enterprise. Applications may use the security domain to locate other PKI services. <a href="javascript:toggle_details();">[Details]</a> -<SCRIPT type="text/JavaScript"> -function toggle_details() -{ - d = document.getElementById('details'); - if (d.style.display == "block") { - d.style.display="none"; - } else { - d.style.display="block"; - } -} -</script> - -<div id=details style="display: none;"> -<br/> -This PKI solution allows multiple security domains within an organization, but each security domain must host a Certificate Authority. -<br/> -If the user is creating a new security domain, this CA Administrator is also -the security domain Administrator. -<br/> -If this subsystem is joining an existing security domain, the user will need to provide the credential information of the security domain Administrator -requested in the next panel. -</div> -#if ($errorString != "") -<img alt="" src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -<br/> -#if ($cstype == "CA") -<b><input $check_newdomain type=radio name=choice value="newdomain"> Create a New Security Domain </b> -<br/> -If no security domain exists, a new one must be created for this CA. - <table class="details"> - <tr> - <th>Security Domain Name: </th> - <td><input type=text size="40" name="sdomainName" value="$sdomainName"> (e.g. - Dogtag Security Domain)</td> - </tr> - <tr> - <th>Security Domain HTTP EE URL (unsecure): </th> - <td>http://$machineName:$http_ee_port</td> - </tr> - <tr> - <th>Security Domain HTTPS Agent URL (clientauth): </th> - <td>https://$machineName:$https_agent_port</td> - </tr> - <tr> - <th>Security Domain HTTPS EE URL (non-clientauth): </th> - <td>https://$machineName:$https_ee_port</td> - </tr> - <tr> - <th>Security Domain HTTPS Admin URL (non-clientauth): </th> - <td>https://$machineName:$https_admin_port</td> - </tr> - </table> -<br/> -<b><input $check_existingdomain type=radio name=choice value="existingdomain"> Join an Existing Security Domain </b> -#else -<b><input disabled="disabled" type=radio name=choice value="newdomain"> Create a New Security Domain </b> -<br/> -If no security domain exists, a new one must be created for this CA. - <table class="details"> - <tr> - <th>Security Domain Name: </th> - <td><input disabled="disabled" type=text size="40" name="sdomainName" value="$sdomainName"> (e.g. - Dogtag Security Domain)</td> - </tr> - </table> -<br/> -<b><input checked type=radio name=choice value="existingdomain"> Join an Existing Security Domain </b> -#end -<br/> -Enter the URL to an existing security domain. -<br/> - <table class="details"> - <tr> - <th>Security Domain HTTPS Admin URL (non-clientauth): </th> - <td><input type=text size="40" name="sdomainURL" value="$sdomainURL"> (e.g. - https://example.com:9445)</td> - </tr> - </table> -<br/> -<table> -<tr> -<td valign="top"><b>NOTE: </b></td> -<td>Since a Security Domain MUST be a CA (although all CAs are NOT necessarily Security Domains), an appropriate value for this URL may be obtained by logging into the machine which hosts the desired Security Domain CA as 'root' and running the command "$statusCommand" from the command-line.</td> -</tr> -</table> -<br/> diff --git a/base/ra/apache/docroot/ra/admin/console/config/sidemenu.vm b/base/ra/apache/docroot/ra/admin/console/config/sidemenu.vm deleted file mode 100644 index 09fe16870..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/sidemenu.vm +++ /dev/null @@ -1,30 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<div id="sidenav"> -<ul> - <li><a href="welcome">Welcome</a></li> - <li><a href="database">Internal Database</a></li> - <li><a href="module">Security Modules</a></li> - <li><a href="size">Key Size</a></li> - <li><a href="name">Issuer Name</a></li> - <li><a href="hierarchy">PKI Hierarchy</a></li> - <li><a href="admin">Administrator</a></li> - <li><a href="done">Finish</a></li> -</ul> -</div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/sizepanel.vm b/base/ra/apache/docroot/ra/admin/console/config/sizepanel.vm deleted file mode 100644 index 76b1d18a2..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/sizepanel.vm +++ /dev/null @@ -1,235 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<style type="text/css"> -div#advance -{ - margin: 0px 20px 0px 20px; - display: none; -} -div#simple -{ - margin: 0px 20px 0px 20px; - display: block; -} -</style> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} - -function toggleLayer(whichLayer) -{ - if (document.getElementById) { - // this is the way the standards work - var style2 = document.getElementById(whichLayer).style; - if (style2.display == "block") { - style2.display = "none"; - } else { - style2.display = "block"; - } - } -} - -function toggleLayer1(whichLayer) -{ - if (document.getElementById) { - // this is the way the standards work - var style2 = document.getElementById(whichLayer).style; - if (style2.display == "block") { - style2.display = "none"; - } else if (style2.display == "") { - style2.display = "none"; - } else { - style2.display = "block"; - } - } -} - -function keyTypeChange() -{ - var form = document.forms[0]; - var keyTypeSelect = document.forms[0].elements['keytype']; - for (var i = 0; i < form.length; i++) { - var name = form[i].name; - if (name.indexOf('_keytype') != -1) { - form.elements[name].selectedIndex = keyTypeSelect.selectedIndex; - } - } -} - -function defaultChange() -{ - var form = document.forms[0]; - var choiceSelect = document.forms[0].elements['choice']; - for (var i = 0; i < form.length; i++) { - var name = form[i].name; - if (name.indexOf('_choice') != -1) { - for (var j = 0; j < form.elements[name].length; j++) { - var c = form.elements[name]; - c[j].checked = choiceSelect[j].checked; - } - } - } -} - -function customChange() -{ - var form = document.forms[0]; - var choiceSelect = document.forms[0].elements['choice']; - for (var i = 0; i < form.length; i++) { - var name = form[i].name; - if (name.indexOf('_choice') != -1) { - for (var j = 0; j < form.elements[name].length; j++) { - var c = form.elements[name]; - c[j].checked = choiceSelect[j].checked; - } - } - } -} - -function textChange() -{ - var customSize = document.forms[0].elements['custom_size']; - var form = document.forms[0]; - for (var i = 0; i < form.length; i++) { - var name = form[i].name; - if (name.indexOf('_custom_size') != -1) { - form.elements[name].value = customSize.value; - } - } -} - -</SCRIPT> -Select the key pair type(s) and associated key pair size(s) from the pulldown menus. <a href="javascript:toggle_details();">[Details]</a> -<SCRIPT type="text/JavaScript"> -function toggle_details() -{ - d = document.getElementById('details'); - if (d.style.display == "block") { - d.style.display="none"; - } else { - d.style.display="block"; - } -} -</script> -<div id=details style="display: none;"> -<p> -Each key pair is comprised of a <b><i>key type</i></b> and a <b><i>key size</i></b>. Based upon the key type selected from the first pulldown menu, associated key sizes (in bits) will be selectable from the second pulldown menu. -<p> -Within each key pair type (but not comparable between two different key pair types), the size of the key is a measure of how secure a given system is (i.e. - the longer the key pair size, the more secure the system). Unfortunately, longer key pair sizes increase the time required to perform operations such as signing certificates. -<p> -</div> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -<p> -<div id="simple"> -<p> -<table width=100%> -<tr> - <td align=right><a href="javascript:toggleLayer1('simple'); toggleLayer('advance');" title="Advanced">[Advanced]</a></td> -</tr> -</table> -<p> -<H2>Common Key Settings</H2> -<p> -<table width=100% class="details"> - <tr> - <th width="30%">Key Type:</th> - <td><select name="keytype" onChange="keyTypeChange()"><option value=rsa>RSA</option><option value=ecc>ECC</option></select></td> - </tr> -</table> -<p> - <input -#if ($select == "default") - checked -#end - onChange="defaultChange()" type=radio name="choice" value="default"><b>Use the default key size ($default_keysize bits for RSA, $default_ecc_keysize bits for ECC)</b>. - <p> - <input -#if ($select == "custom") - checked -#end - onChange="customChange()" type=radio name="choice" value="custom"><b>Use the following custom key size:</b> - - <p> -<table width=100% class="details"> - <tr> - <th>Key Size:</th> - <td><input onChange="textChange()" type="text" size="20" name="custom_size" value="2048" /></td> - </tr> -</table> -</div> -<p> -<div id="advance"> -<p> -<table width=100%> -<tr> - <td align=right><a href="javascript:toggleLayer1('simple');toggleLayer('advance');" title="Simple">[Simple]</a></td> -</tr> -</table> -#foreach ($item in $certs) -<H2>Key for $item.getUserFriendlyName()</H2> -<p> -<table width=100% class="details"> - <tr> - <th width="30%">Key Type:</th> - <td><select name="$item.getCertTag()_keytype"><option value=rsa>RSA</option><option value=ecc>ECC</option></select></td> - </tr> -</table> -<p> - <input -#if ($item.useDefaultKey()) - checked -#end - type=radio name=$item.getCertTag()_choice value="default"><b>Use the default key size ($default_keysize bits for RSA, $default_ecc_keysize bits for ECC). - <p> - <input -#if (!$item.useDefaultKey()) - checked -#end - type=radio name=$item.getCertTag()_choice value="custom"><b>Use the following custom key size:</b> - - <p> -<table width=100% class="details"> - <tr> - <th>Key Size:</th> - <td><input type="text" size="20" name=$item.getCertTag()_custom_size value="$item.getCustomKeysize()" /></td> - </tr> -</table> -#end -</div> -<br/> -<br/> -<br/> -#if ($firsttime == 'false') -<input type="CHECKBOX" NAME="generateKeyPair">New Keys<p> -#end -<p> - <div align="right"> - <hr /> -<i>Note: After pressing Next, keys will be generated on the server, which will take some time to complete. Please wait for the next panel to appear.</i> - - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/tksinfopanel.vm b/base/ra/apache/docroot/ra/admin/console/config/tksinfopanel.vm deleted file mode 100644 index f4a0a3fd7..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/tksinfopanel.vm +++ /dev/null @@ -1,51 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT LANGUAGE="JavaScript"> -function performPanel() { - with (document.forms[0]) { - submit(); - } -} - -</SCRIPT> -The Token Key Service (TKS) is responsible for managing master keys that are used for establishing secure channels. Select an HTTPS Agent URL of a TKS from the list below. -<p> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -<p> - <table class="details"> - <tr> - <th>URL:</th> - <td><select name="urls"> - #if ($urls_size != 0) - #set ($x=0) - #foreach ($p in $urls) - <option value="$x">$p</option> - #set ($x=$x+1) - #end - #end - </select> - </td> - </tr> - </table> - <div align="right"> - <hr /> - </div> -<p> diff --git a/base/ra/apache/docroot/ra/admin/console/config/topmenu.vm b/base/ra/apache/docroot/ra/admin/console/config/topmenu.vm deleted file mode 100644 index 64881066f..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/topmenu.vm +++ /dev/null @@ -1,21 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<ul> -<li id="mainFirst-active"><a href="wizard" class="mainFirstLink">Setup Wizard</a></li> -</ul> diff --git a/base/ra/apache/docroot/ra/admin/console/config/welcomepanel.vm b/base/ra/apache/docroot/ra/admin/console/config/welcomepanel.vm deleted file mode 100644 index fd478d1a8..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/welcomepanel.vm +++ /dev/null @@ -1,57 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -<H2>$wizardname</H2> -The $fullsystemname - configuration wizard will guide the administrator through the process of configuring a single instance of the $fullsystemname - ($systemname). <a href="javascript:toggle_details();">[Details]</a> - -<SCRIPT type="text/JavaScript"> -function toggle_details() -{ - d = document.getElementById('details'); - if (d.style.display == "block") { - d.style.display="none"; - } else { - d.style.display="block"; - } -} -</script> - -<div id=details style="display: none;"> -<p> -A Public Key Infrastructure (PKI) system creates, manages, and revokes keys and certificates. -<p> -Dogtag Certificate System (DCS) $productversion -is a robust PKI system consisting of numerous subsystems including a Certificate Authority (CA), a Registration Authority (RA), a Data Recovery Manager (DRM), an Online Certificate Status Protocol (OCSP) Manager, a Token Key Service (TKS), and a Token Processing System (TPS), as well as a multi-platform smartcard middleware software client called Enterprise Security Client (ESC). -<p> -For any subsystem to be useable, a user must use this wizard to configure an instance of this subsystem. -#if ($systemType != "tps") -<p> -#end -</div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/wizard.vm b/base/ra/apache/docroot/ra/admin/console/config/wizard.vm deleted file mode 100644 index 4c7472817..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/wizard.vm +++ /dev/null @@ -1,144 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> - -<html> - <head> - - <title>Dogtag Certificate System</title> - - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - - </head> - -<SCRIPT LANGUAGE="JavaScript"> -function process(fop) { - with (document.forms[0]) { - op.value = fop; - if (fop == 'next') { - document.getElementById('progress').style.visibility = "visible"; - performPanel(); - } else if (fop == 'apply') { - document.getElementById('progress').style.visibility = "visible"; - performPanel(); - } else { - document.getElementById('progress').style.visibility = "visible"; - submit(); - } - } -} - -</SCRIPT> - - <body><div id="wrap"> - -#include ( "ra/admin/console/config/header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> - -<div id="mainNavInner"> - - -<ul> -<li id="mainFirst-active"><a href="wizard" class="mainFirstLink">$name</a></li> -</ul> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -</div> - - -</div> -</div> - -</div> -<!-- close bar --> - - <div id="content"> - <table width="100%" cellspacing="0"> - <tr> - <td class="sidebar"> - -<div id="sidenav"> -<ul> -#foreach ($pn in $panels) -#if (!$pn.isSubPanel()) - <li><center><font color=black size="2">$pn.getName()</font></center></li> -#end -#end -</ul> -</div> - - </td> - <td class="page-content" width="100%"> - <h1><img src="/pki/images/icon-software.gif" /> - $title </h1> - -<form name=f method=post action="wizard"> -<input type=hidden name=p value="$p"> - -#parse ( $panel ) - -<input type=hidden name="op" value=''> - -</form> - -<table width=100% border=0 cellspacing=0 cellpadding=0> -<tr bgcolor="#eeeeee"> -<td><img id=progress style="visibility: hidden;" src="/pki/images/bigrotation2.gif" /></td> -<td align=right> - -#if ($showApplyButton == "true") -<input type=button onclick="process('apply')" name=back value="Apply"> -#end - -#if ($lastpanel) - -#else -<input type=button onclick="process('next')" name=back value="Next>"> -#end - -</td> -</tr> -</table> - - </td> - </tr> - </table> - -#include ( "ra/admin/console/config/footer.vm" ) - - </div> <!-- close content --> - </div> <!-- close wrap --> - - </body> -</html> diff --git a/base/ra/apache/docroot/ra/admin/console/config/xml.vm b/base/ra/apache/docroot/ra/admin/console/config/xml.vm deleted file mode 100644 index 31ff72aa2..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/xml.vm +++ /dev/null @@ -1,4 +0,0 @@ -<?xml version="1.0" encoding="ISO-8859-1"?> -<response> - $xml -</response> diff --git a/base/ra/apache/docroot/ra/admin/console/js/misc.js b/base/ra/apache/docroot/ra/admin/console/js/misc.js deleted file mode 100644 index d4dc336ab..000000000 --- a/base/ra/apache/docroot/ra/admin/console/js/misc.js +++ /dev/null @@ -1,30 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// Copyright (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -/** - * This function is to submit the form's parameters and to decide if the - * window should remain open. - * - * @param f The form - * @param fclose true if you want to close the window; otherwise false. - */ -function saveConfig(f, fclose) { - f.submit(); - if (fclose == true) - window.close(); -} diff --git a/base/ra/doc/CMakeLists.txt b/base/ra/doc/CMakeLists.txt deleted file mode 100644 index 419289d03..000000000 --- a/base/ra/doc/CMakeLists.txt +++ /dev/null @@ -1,8 +0,0 @@ -configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CS.cfg.in ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg @ONLY) - -install( - FILES - ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg - DESTINATION - ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf -) diff --git a/base/ra/doc/CS.cfg.in b/base/ra/doc/CS.cfg.in deleted file mode 100644 index 227b117ce..000000000 --- a/base/ra/doc/CS.cfg.in +++ /dev/null @@ -1,242 +0,0 @@ -_000=## -_001=## Registration Authority (RA) Configuration File -_002=## -pidDir=[PKI_PIDDIR] -pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT] -pkicreate.pki_instance_name=[PKI_INSTANCE_NAME] -pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE] -pkicreate.secure_port=[PKI_SECURE_PORT] -pkicreate.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT] -pkicreate.unsecure_port=[PKI_UNSECURE_PORT] -pkicreate.user=[PKI_USER] -pkicreate.group=[PKI_GROUP] -pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME] -request._000=######################################### -request._001=# Request Queue Parameters -request._002=######################################### -agent.authorized_groups=administrators,agents -admin.authorized_groups=administrators -database.dbfile=[PKI_INSTANCE_PATH]/conf/dbfile -database.lockfile=[PKI_INSTANCE_PATH]/conf/dblock -request.renewal.approve_request.0.ca=ca1 -request.renewal.approve_request.0.plugin=PKI::Request::Plugin::RequestToCA -request.renewal.approve_request.0.profileId=caDualRAuserCert -request.renewal.approve_request.0.reqType=crmf -request.renewal.approve_request.1.mailTo=$created_by -request.renewal.approve_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.renewal.approve_request.1.templateDir=/usr/share/pki/ra/conf -request.renewal.approve_request.1.templateFile=mail_approve_request.vm -request.renewal.approve_request.num_plugins=2 -request.renewal.reject_request.num_plugins=0 -request.renewal.create_request.0.assignTo=agents -request.renewal.create_request.0.plugin=PKI::Request::Plugin::AutoAssign -request.renewal.create_request.1.mailTo=$created_by -request.renewal.create_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.renewal.create_request.1.templateDir=/usr/share/pki/ra/conf -request.renewal.create_request.1.templateFile=mail_create_request.vm -request.renewal.create_request.num_plugins=2 -request.scep.profileId=caRARouterCert -request.scep.reqType=pkcs10 -request.scep.create_request.num_plugins=2 -request.scep.create_request.0.plugin=PKI::Request::Plugin::AutoAssign -request.scep.create_request.0.assignTo=agents -request.scep.create_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.scep.create_request.1.mailTo= -request.scep.create_request.1.templateDir=/usr/share/pki/ra/conf -request.scep.create_request.1.templateFile=mail_create_request.vm -request.scep.approve_request.num_plugins=1 -request.scep.approve_request.0.plugin=PKI::Request::Plugin::CreatePin -request.scep.approve_request.0.pinFormat=$site_id -request.scep.reject_request.num_plugins=0 -request.agent.profileId=caRAagentCert -request.agent.reqType=crmf -request.agent.create_request.num_plugins=2 -request.agent.create_request.0.plugin=PKI::Request::Plugin::AutoAssign -request.agent.create_request.0.assignTo=agents -request.agent.create_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.agent.create_request.1.mailTo= -request.agent.create_request.1.templateDir=/usr/share/pki/ra/conf -request.agent.create_request.1.templateFile=mail_create_request.vm -request.agent.approve_request.num_plugins=1 -request.agent.approve_request.0.plugin=PKI::Request::Plugin::CreatePin -request.agent.approve_request.0.pinFormat=$uid -request.agent.reject_request.num_plugins=0 -request.user.create_request.num_plugins=2 -request.user.create_request.0.plugin=PKI::Request::Plugin::AutoAssign -request.user.create_request.0.assignTo=agents -request.user.create_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.user.create_request.1.templateDir=/usr/share/pki/ra/conf -request.user.create_request.1.templateFile=mail_create_request.vm -request.user.create_request.1.mailTo= -request.user.approve_request.num_plugins=2 -request.user.approve_request.0.plugin=PKI::Request::Plugin::RequestToCA -request.user.approve_request.0.ca=ca1 -request.user.approve_request.0.profileId=caDualRAuserCert -request.user.approve_request.0.reqType=crmf -request.user.approve_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.user.approve_request.1.mailTo=$created_by -request.user.approve_request.1.templateDir=/usr/share/pki/ra/conf -request.user.approve_request.1.templateFile=mail_approve_request.vm -request.user.reject_request.num_plugins=0 -request.server.create_request.num_plugins=2 -request.server.create_request.0.plugin=PKI::Request::Plugin::AutoAssign -request.server.create_request.0.assignTo=agents -request.server.create_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.server.create_request.1.mailTo= -request.server.create_request.1.templateDir=/usr/share/pki/ra/conf -request.server.create_request.1.templateFile=mail_create_request.vm -request.server.approve_request.num_plugins=2 -request.server.approve_request.0.plugin=PKI::Request::Plugin::RequestToCA -request.server.approve_request.0.ca=ca1 -request.server.approve_request.0.profileId=caRAserverCert -request.server.approve_request.0.reqType=pkcs10 -request.server.approve_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.server.approve_request.1.mailTo=$created_by -request.server.approve_request.1.templateDir=/usr/share/pki/ra/conf -request.server.approve_request.1.templateFile=mail_approve_request.vm -request.server.reject_request.num_plugins=0 -cs.type=RA -service.machineName=[PKI_HOSTNAME] -service.instanceDir=[PKI_INSTANCE_PATH] -service.securePort=[PKI_SECURE_PORT] -service.non_clientauth_securePort=[NON_CLIENTAUTH_SECURE_PORT] -service.unsecurePort=[PKI_UNSECURE_PORT] -service.instanceID=[PKI_INSTANCE_NAME] -logging._000=######################################### -logging._001=# RA configuration File -logging._002=# -logging._003=# All <...> must be replaced with -logging._004=# appropriate values. -logging._005=######################################### -logging._006=######################################## -logging._007=# logging -logging._008=# -logging._009=# logging.debug.enable: -logging._010=# logging.audit.enable: -logging._011=# logging.error.enable: -logging._012=# - enable or disable the corresponding logging -logging._013=# logging.debug.filename: -logging._014=# logging.audit.filename: -logging._015=# logging.error.filename: -logging._016=# - name of the log file -logging._017=# logging.debug.level: -logging._018=# logging.audit.level: -logging._019=# logging.error.level: -logging._020=# - level of logging. (0-10) -logging._021=# 0 - no logging, -logging._022=# 4 - LL_PER_SERVER these messages will occur only once -logging._023=# during the entire invocation of the -logging._024=# server, e. g. at startup or shutdown -logging._025=# time., reading the conf parameters. -logging._026=# Perhaps other infrequent events -logging._027=# relating to failing over of CA, TKS, -logging._028=# too -logging._029=# 6 - LL_PER_CONNECTION these messages happen once per -logging._030=# connection - most of the log events -logging._031=# will be at this level -logging._032=# 8 - LL_PER_PDU these messages relate to PDU -logging._033=# processing. If you have something that -logging._034=# is done for every PDU, such as -logging._035=# applying the MAC, it should be logged -logging._036=# at this level -logging._037=# 9 - LL_ALL_DATA_IN_PDU dump all the data in the PDU - a more -logging._038=# chatty version of the above -logging._039=# 10 - all logging -logging._040=######################################### -logging.debug.enable=true -logging.debug.filename=[PKI_INSTANCE_PATH]/logs/ra-debug.log -logging.debug.level=7 -logging.audit.enable=true -logging.audit.filename=[PKI_INSTANCE_PATH]/logs/ra-audit.log -logging.audit.level=10 -logging.error.enable=true -logging.error.filename=[PKI_INSTANCE_PATH]/logs/ra-error.log -logging.error.level=10 -conn.ca1._000=######################################### -conn.ca1._001=# CA connection -conn.ca1._002=# -conn.ca1._003=# conn.ca<n>.hostport: -conn.ca1._004=# - host name and port number of your CA, format is host:port -conn.ca1._005=# conn.ca<n>.clientNickname: -conn.ca1._006=# - nickname of the client certificate for -conn.ca1._007=# authentication -conn.ca1._008=# conn.ca<n>.servlet.enrollment: -conn.ca1._009=# - servlet to contact in CA -conn.ca1._010=# - must be '/ca/ee/ca/profileSubmitSSLClient' -conn.ca1._008=# conn.ca<n>.servlet.addagent: -conn.ca1._009=# - servlet to add ra agent on CA -conn.ca1._010=# - must be '/ca/admin/ca/registerRaUser -conn.ca1._011=# conn.ca<n>.retryConnect: -conn.ca1._012=# - number of reconnection attempts on failure -conn.ca1._013=# conn.ca<n>.timeout: -conn.ca1._014=# - connection timeout -conn.ca1._015=# conn.ca<n>.SSLOn: -conn.ca1._016=# - enable SSL or not -conn.ca1._017=# conn.ca<n>.keepAlive: -conn.ca1._018=# - enable keep alive or not -conn.ca1._019=# -conn.ca1._020=# where -conn.ca1._021=# <n> - CA connection ID -conn.ca1._022=######################################### -failover.pod.enable=false -conn.ca1.hostport=[PKI_CA_HOSTNAME]:[PKI_CA_PORT] -conn.ca1.clientNickname=[HSM_LABEL][NICKNAME] -conn.ca1.servlet.enrollment=/ca/ee/ca/profileSubmitSSLClient -conn.ca1.servlet.addagent=/ca/admin/ca/registerRaUser -conn.ca1.servlet.revoke=/ca/subsystem/ca/doRevoke -conn.ca1.servlet.unrevoke=/ca/subsystem/ca/doUnrevoke -conn.ca1.retryConnect=3 -conn.ca1.timeout=100 -conn.ca1.SSLOn=true -conn.ca1.keepAlive=true -preop.pin=[PKI_RANDOM_NUMBER] -cms.product.version=@APPLICATION_VERSION@ -preop.cert._000=######################################### -preop.cert._001=# Installation configuration "preop" certs parameters -preop.cert._002=######################################### -preop.cert.list=sslserver,subsystem -preop.cert.sslserver.enable=true -preop.cert.subsystem.enable=true -preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA -preop.cert.sslserver.dn=CN=[PKI_HOSTNAME], OU=[PKI_INSTANCE_NAME] -preop.cert.sslserver.keysize.customsize=2048 -preop.cert.sslserver.keysize.size=2048 -preop.cert.sslserver.keysize.select=custom -preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_NAME] -preop.cert.sslserver.profile=caInternalAuthServerCert -preop.cert.sslserver.subsystem=ra -preop.cert._003=#preop.cert.sslserver.type=local -preop.cert.sslserver.userfriendlyname=SSL Server Certificate -preop.cert._004=#preop.cert.sslserver.cncomponent.override=false -preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA -preop.cert.subsystem.dn=CN=RA Subsystem Certificate, OU=[PKI_INSTANCE_NAME] -preop.cert.subsystem.keysize.customsize=2048 -preop.cert.subsystem.keysize.size=2048 -preop.cert.subsystem.keysize.select=custom -preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME] -preop.cert.subsystem.profile=caInternalAuthSubsystemCert -preop.cert.subsystem.subsystem=ra -preop.cert._005=#preop.cert.subsystem.type=local -preop.cert.subsystem.userfriendlyname=Subsystem Certificate -preop.cert._006=#preop.cert.subsystem.cncomponent.override=true -preop.configModules._000=######################################### -preop.configModules._001=# Installation configuration "preop" module parameters -preop.configModules._002=######################################### -preop.configModules.count=3 -preop.configModules.module0.commonName=NSS Internal PKCS #11 Module -preop.configModules.module0.imagePath=/pki/images/clearpixel.gif -preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module -preop.configModules.module1.commonName=nfast -preop.configModules.module1.imagePath=/pki/images/clearpixel.gif -preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module -preop.configModules.module2.commonName=lunasa -preop.configModules.module2.imagePath=/pki/images/clearpixel.gif -preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module -preop.module.token=NSS Certificate DB -preop.keysize._000=######################################### -preop.keysize._001=# Installation configuration "preop" keysize parameters -preop.keysize._002=######################################### -preop.keysize.customsize=2048 -preop.keysize.select=default -preop.keysize.size=2048 -preop.keysize.ecc.size=256 diff --git a/base/ra/emails/mail_approve_request.vm b/base/ra/emails/mail_approve_request.vm deleted file mode 100644 index 461eb4d10..000000000 --- a/base/ra/emails/mail_approve_request.vm +++ /dev/null @@ -1,11 +0,0 @@ -Reply-to: $mail_to -Subject: Request #$request_id approved -To: $mail_to -Content-type: text/plain\n\n -Request #$request_id has been approved -for -Subject DN: $subject_dn - -Import certificate at: -https://$machineName:$nonClientAuthSecurePort/ee/request/getcert.cgi?id=$request_id - diff --git a/base/ra/emails/mail_create_request.vm b/base/ra/emails/mail_create_request.vm deleted file mode 100644 index 317270efa..000000000 --- a/base/ra/emails/mail_create_request.vm +++ /dev/null @@ -1,8 +0,0 @@ -Reply-to: $mail_to -Subject: New request #$request_id has been created -To: $mail_to -Content-type: text/plain\n\n -A new request has been created for you. You can access -the request by going to - -https://$machineName:$securePort/agent/request/read.cgi?id=$request_id diff --git a/base/ra/etc/init.d/pki-rad b/base/ra/etc/init.d/pki-rad deleted file mode 100755 index 7da9775f9..000000000 --- a/base/ra/etc/init.d/pki-rad +++ /dev/null @@ -1,87 +0,0 @@ -#!/bin/bash -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007-2010 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# pki-rad Startup script for the Apache HTTP pki-ra Server -# -# chkconfig: - 86 14 -# description: Registration Authority (Apache) -# processname: pki-rad -# piddir: /var/run/pki/ra -# config: ${PKI_INSTANCE_PATH}/conf/httpd.conf - -PROG_NAME=`basename $0` -SERVICE_NAME="pki-rad" -SERVICE_PROG="/sbin/service" -PKI_PATH="/usr/share/pki/ra" -PKI_REGISTRY="/etc/sysconfig/pki/ra" -PKI_TYPE="pki-ra" -PKI_TOTAL_PORTS=3 - -# Avoid using 'systemctl' for now -SYSTEMCTL_SKIP_REDIRECT=1 -export SYSTEMCTL_SKIP_REDIRECT - -# Disallow 'others' the ability to 'write' to new files -umask 00002 - -command="$1" -pki_instance="$2" - -# Source function library. -. /etc/init.d/functions - -# Source the PKI function library -. /usr/share/pki/scripts/functions - -# See how we were called. -case $command in - status) - registry_status - exit $? - ;; - start) - start - exit $? - ;; - restart) - restart - exit $? - ;; - stop) - stop - exit $? - ;; - condrestart|force-restart|try-restart) - [ ! -f ${lockfile} ] || restart - exit $? - ;; - reload) - echo "The 'reload' action is an unimplemented feature." - exit ${default_error} - ;; - *) - echo "unknown action ($command)" - usage - echo "where valid instance names include:" - list_instances - exit ${default_error} - ;; -esac - diff --git a/base/ra/lib/perl/PKI/Base/CertStore.pm b/base/ra/lib/perl/PKI/Base/CertStore.pm deleted file mode 100644 index 1a31ff971..000000000 --- a/base/ra/lib/perl/PKI/Base/CertStore.pm +++ /dev/null @@ -1,151 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# -package PKI::Base::CertStore; - -use DBI; -use PKI::Base::TimeTool; - -####################################### -# Constructs a cert store -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -####################################### -# Opens this store -####################################### -sub open { - my ($self, $cfg) = @_; - $self->{cfg} = $cfg; - my $dbfile = $cfg->get("database.dbfile"); - $self->{dbh} = DBI->connect("dbi:SQLite:dbname=$dbfile","",""); -} - -sub read_certificate { - my ($self, $serialno) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from certificates " . - "where serialno=" . $dbh->quote($serialno); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -sub map_certificate { - my ($self, $certificate) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from certificates " . - "where " . - "certificate=" . $dbh->quote($certificate); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -sub read_certificate_by_approver { - my ($self, $uid, $serialno) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from certificates " . - "where approved_by=". $dbh->quote($uid). - "AND serialno=" . $dbh->quote($serialno); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -sub list_certs_by_approver { - my ($self, $uid, $startpos, $maxcount) = @_; - my $dbh = $self->{dbh}; - my $select = "select *,approved_by from certificates " . - "where " . - "approved_by=". $dbh->quote($uid). - " limit $startpos, $maxcount"; - - my $sth = $dbh->prepare($select); - $sth->execute(); - my @certs; - while (my $ref = $sth->fetchrow_hashref()) { - push(@certs, $ref); - } - $sth->finish(); - return @certs; - - -} - -sub add_certificate { - my ($self, $serialno, $csr, $subject_dn, $certificate, $reqid, $approved_by) = @_; - my $dbh = $self->{dbh}; - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - - # sqlite is not thread safe, do our own lock here - my $cmd = "insert into certificates (" . - "subject_dn" . "," . - "certificate" . "," . - "csr" . "," . - "serialno" . "," . - "rid" . "," . - "approved_by" . "," . - "created_at" . - ") values (" . - $dbh->quote($subject_dn) . "," . - $dbh->quote($certificate) . "," . - $dbh->quote($csr) . "," . - $dbh->quote($serialno) . "," . - $dbh->quote($reqid) . "," . - $dbh->quote($approved_by) . "," . - $dbh->quote($now) . - ")"; -REDO_ADD_CERT: - eval { - $dbh->do($cmd); - }; - if ($dbh->err == 5) { - sleep(1); - goto REDO_ADD_CERT; - } - -} - -####################################### -# Closes this store -####################################### -sub close { - my ($self) = @_; - my $dbh = $self->{dbh}; - $dbh->disconnect(); -} - -1; diff --git a/base/ra/lib/perl/PKI/Base/Conf.pm b/base/ra/lib/perl/PKI/Base/Conf.pm deleted file mode 100755 index 895ab28a3..000000000 --- a/base/ra/lib/perl/PKI/Base/Conf.pm +++ /dev/null @@ -1,130 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package PKI::Base::Conf; - -use strict; -use warnings; -use Exporter; - -$PKI::Base::Conf::VERSION = '1.00'; - -####################################################### -# Configuration Store -####################################################### -sub new { - my $class = shift; - my $self = {}; - my %hash = (); - $self->{filename} = ""; - $self->{hash} = \%hash; - bless $self,$class; - return $self; -} - -sub load_file -{ - my ($self, $filename) = @_; - - $self->{filename} = $filename; - if (-e $filename) { - open(CF, "<$filename"); - if (defined fileno CF) { - while (<CF>) { - if (/^#/) { - # comments - } elsif (/([^=]+)=(.*)$/) { - # print "$1 = $2\n"; - $self->{hash}{$1} = $2; - } else { - # preserve comments - } - } - } - close(CF); - } -} - -sub get_filename -{ - my ($self) = @_; - return $self->{filename}; -} - -sub get -{ - my ($self, $n) = @_; - return $self->{hash}{$n}; -} - -sub put -{ - my ($self, $n, $v) = @_; - $self->{hash}{$n} = $v; -} - -sub commit -{ - my ($self) = @_; - - # write stuff back to the file -# print $self->{filename} . "\n"; - my $hash = $self->{hash}; - my $suffix = time(); - - if (-e $self->{filename}) { - system("mv \"" . $self->{filename} . "\" \"" . - $self->{filename} . "." . $suffix . "\""); - } - - open(F, ">" . $self->{filename}); - foreach my $k (sort keys %{$hash}) { - print F "$k=$self->{hash}{$k}\n"; - } - close(F); - - if (-e $self->{filename} . "." . $suffix) { - system("rm \"" . $self->{filename} . "." . $suffix . "\""); - } -} - -sub commit_with_backup -{ - my ($self) = @_; - - # write stuff back to the file -# print $self->{filename} . "\n"; - my $hash = $self->{hash}; - my $suffix = time(); - system("mv \"" . $self->{filename} . "\" \"" . - $self->{filename} . "." . $suffix . "\""); - - open(F, ">" . $self->{filename}); - foreach my $k (sort keys %{$hash}) { - print F "$k=$self->{hash}{$k}\n"; - } - close(F); -} - -1; diff --git a/base/ra/lib/perl/PKI/Base/PinStore.pm b/base/ra/lib/perl/PKI/Base/PinStore.pm deleted file mode 100644 index 437d259ff..000000000 --- a/base/ra/lib/perl/PKI/Base/PinStore.pm +++ /dev/null @@ -1,180 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# -package PKI::Base::PinStore; - -use DBI; -use PKI::Base::TimeTool; - -####################################### -# Constructs a request queue -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -####################################### -# Opens request queue -####################################### -sub open { - my ($self, $cfg) = @_; - $self->{cfg} = $cfg; - my $dbfile = $cfg->get("database.dbfile"); - $self->{dbh} = DBI->connect("dbi:SQLite:dbname=$dbfile","",""); -} - -####################################### -# Creates a new request -####################################### -sub generate_random -{ - my $low = $_[0]; - my $high = $_[1]; - - my $number = 0; - - if( $low >= $high || $low < 0 || $high < 0 ) { - return -1; - } - - $number = int( rand( $high -$low +1 ) ) + $low; - - return $number; -} - - -# arg0 length of string -# return random string -sub generate_random_string() -{ - my $length_of_randomstring=shift; # the length of the string - - my @chars=( 'a'..'z','A'..'Z','0'..'9' ); - my $random_string; - - foreach( 1..$length_of_randomstring ) { - $random_string .= $chars[rand @chars]; - } - - return $random_string; -} - -sub create_pin { - my ($self, $key, $rid, $created_by) = @_; - my $dbh = $self->{dbh}; - - my $pin = &generate_random_string(10); - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - - # delete previous pin - my $delete = "delete from pins where key=" . $dbh->quote($key); - $dbh->do($delete); - - my $insert = "insert into pins (" . - "key" . "," . - "pin" . "," . - "rid" . "," . - "created_by" . "," . - "created_at" . - ") values (" . - $dbh->quote($key) . "," . - $dbh->quote($pin) . "," . - $dbh->quote($rid) . "," . - $dbh->quote($created_by) . "," . - $dbh->quote($now) . - ")"; -REDO_CREATE_PIN: - eval { - $dbh->do($insert); - }; - if ($dbh->err == 5) { - sleep(1); - goto REDO_CREATE_PIN; - } - - my $rid = $dbh->func('last_insert_rowid'); - -# my $ref = $self->read_pin($rid); - - return $pin; -} - -####################################### -# Matches pin -####################################### -sub match { - my ($self, $key, $pin) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from pins " . - "where " . - "key=" . $dbh->quote($key) . " AND " . - "pin=" . $dbh->quote($pin); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - if (defined($ref)) { - return 1; - } else { - return 0; - } -} - -sub read_pin { - my ($self, $key) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from pins " . - "where " . - "key=" . $dbh->quote($key); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -####################################### -# Deletes pin -####################################### -sub delete { - my ($self, $key) = @_; - my $dbh = $self->{dbh}; - my $cmd = "delete from pins " . - "where " . - "key=" . $dbh->quote($key); - $dbh->do($cmd); -} - -####################################### -# Closes request queue -####################################### -sub close { - my ($self) = @_; - my $dbh = $self->{dbh}; - $dbh->disconnect(); -} - -1; diff --git a/base/ra/lib/perl/PKI/Base/Registry.pm b/base/ra/lib/perl/PKI/Base/Registry.pm deleted file mode 100644 index a4fb83f28..000000000 --- a/base/ra/lib/perl/PKI/Base/Registry.pm +++ /dev/null @@ -1,55 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# -package PKI::Base::Registry; - -use PKI::Base::Conf; - -my $docroot; -my $cfg; -my $parser; - -BEGIN { - $docroot = $ENV{DOCUMENT_ROOT}; - $cfg = PKI::Base::Conf->new(); - $cfg->load_file("$docroot/../conf/CS.cfg"); - $parser = new Template::Velocity($docroot); - -} - -sub get_docroot { - my ($self) = @_; - return $docroot; -} - -sub get_parser { - my ($self) = @_; - return $parser; -} - -sub get_config { - my ($self) = @_; - return $cfg; -} - -1; diff --git a/base/ra/lib/perl/PKI/Base/TimeTool.pm b/base/ra/lib/perl/PKI/Base/TimeTool.pm deleted file mode 100755 index 11f4be208..000000000 --- a/base/ra/lib/perl/PKI/Base/TimeTool.pm +++ /dev/null @@ -1,54 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# -package PKI::Base::TimeTool; - -use Time::Local; - -use DBI; -use PKI::Base::TimeTool; - -####################################### -# Constructs a request queue -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub get_time() -{ - my ($self) = @_; - my ($sec, $min, $hr, $mday, $mnth, $y, $wd, $yd, $ds) = localtime(); - my $r_year = 1900 + $y; - my $r_mnth; - my $r_day; - $r_day = $mday; - $mnth = $mnth + 1; - $r_mnth = $mnth; - return "$r_year-$r_mnth-$r_day $hr:$min:$sec"; -} - - -1; diff --git a/base/ra/lib/perl/PKI/Base/UserStore.pm b/base/ra/lib/perl/PKI/Base/UserStore.pm deleted file mode 100644 index c05683792..000000000 --- a/base/ra/lib/perl/PKI/Base/UserStore.pm +++ /dev/null @@ -1,343 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# -package PKI::Base::UserStore; - -use DBI; -use PKI::Base::TimeTool; - -####################################### -# Constructs a request queue -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -####################################### -# Opens this store -####################################### -sub open { - my ($self, $cfg) = @_; - $self->{cfg} = $cfg; - my $dbfile = $cfg->get("database.dbfile"); - $self->{dbh} = DBI->connect("dbi:SQLite:dbname=$dbfile","",""); - my $timeout = $self->{dbh}->func("busy_timeout"); - $self->{dbh}->func($timeout * 10, "busy_timeout"); -} - -####################################### -# Maps user -####################################### -sub map_user { - my ($self, $certificate) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from users " . - "where " . - "certificate=" . $dbh->quote($certificate); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -####################################### -# Gets roles of the given user -####################################### -sub get_roles { - my ($self, $uid) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from roles " . - "where " . - "uid=" . $dbh->quote($uid); - my @roles; - my $sth = $dbh->prepare($select); - $sth->execute(); - while (my $ref = $sth->fetchrow_hashref()) { - push(@roles, $ref->{'gid'}); - } - $sth->finish(); - return @roles; -} - - -####################################### -# Reads a user -####################################### -sub read_group { - my ($self, $gid) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from groups " . - "where gid=" . $dbh->quote($gid); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -sub read_user { - my ($self, $uid) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from users " . - "where uid=" . $dbh->quote($uid); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -sub set_user { - my ($self, $uid, $name, $value) = @_; - my $dbh = $self->{dbh}; - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - my $update = "update users set " . - $name . "=" . $dbh->quote($value) . "," . - "updated_at=" . $dbh->quote($now) . " " . - "where uid=" . $dbh->quote($uid); - $dbh->do($update); - - my $select = "select * from users " . - "where uid=" . $dbh->quote($uid); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - - return $ref; -} - -####################################### -# Lists all members in the given group -####################################### -sub list_all_members { - my ($self, $gid) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from roles where " . - "gid=" . $dbh->quote($gid) . " " . - "order by uid desc "; - my $sth = $dbh->prepare($select); - $sth->execute(); - my @reqs; - while (my $ref = $sth->fetchrow_hashref()) { - push(@reqs, $ref); - } - $sth->finish(); - return @reqs; -} - -####################################### -# Lists -####################################### -sub list_all_non_members { - my ($self, $gid) = @_; - my $dbh = $self->{dbh}; - # find members of the given group - my $select1 = "select * from roles where " . - "gid=" . $dbh->quote($gid); - my $sth1 = $dbh->prepare($select1); - $sth1->execute(); - my $filter = ""; - while (my $ref1 = $sth1->fetchrow_hashref()) { - if ($filter eq "") { - $filter = "uid<>" . $dbh->quote($ref1->{'uid'}); - } else { - $filter = $filter . " AND " . "uid<>" . $dbh->quote($ref1->{'uid'}); - } - } - $sth1->finish(); - - my $select; - if ($filter eq "") { - $select = "select * from users " . - "order by uid desc "; - } else { - $select = "select * from users where (" . - $filter . ") " . - "order by uid desc "; - } - my $sth = $dbh->prepare($select); - $sth->execute(); - my @reqs; - while (my $ref = $sth->fetchrow_hashref()) { - push(@reqs, $ref); - } - $sth->finish(); - return @reqs; -} - -sub delete_user { - my ($self, $userid) = @_; - my $dbh = $self->{dbh}; - - my $cmd = "delete from roles where uid=" . $dbh->quote($userid); - $dbh->do($cmd); - $cmd = "delete from users where uid=" . $dbh->quote($userid); - $dbh->do($cmd); -} - -sub add_user_to_group { - my ($self, $gid, $userid) = @_; - my $dbh = $self->{dbh}; - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - - my $cmd = "insert into roles (" . - "gid" . "," . - "uid" . - ") values (" . - $dbh->quote($gid) . "," . - $dbh->quote($userid) . - ")"; - $dbh->do($cmd); -} - -sub delete_user_from_group { - my ($self, $gid, $userid) = @_; - my $dbh = $self->{dbh}; - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - - my $cmd = "delete from roles where " . - "gid=" . $dbh->quote($gid) . " AND " . - "uid=" . $dbh->quote($userid); - $dbh->do($cmd); -} - -sub add_user { - my ($self, $userid, $name, $email, $certificate) = @_; - my $dbh = $self->{dbh}; - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - - my $cmd = "insert into users (" . - "uid" . "," . - "name" . "," . - "email" . "," . - "certificate" . "," . - "created_at" . - ") values (" . - $dbh->quote($userid) . "," . - $dbh->quote($name) . "," . - $dbh->quote($email) . "," . - $dbh->quote($certificate) . "," . - $dbh->quote($now) . - ")"; -REDO_ADD_USER: - eval { - $dbh->do($cmd); - }; - if ($dbh->err == 5) { - sleep(1); - goto REDO_ADD_USER; - } -} - -sub add_group { - my ($self, $gid, $name) = @_; - my $dbh = $self->{dbh}; - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - - my $cmd = "insert into groups (" . - "gid" . "," . - "name" . "," . - "created_at" . - ") values (" . - $dbh->quote($gid) . "," . - $dbh->quote($name) . "," . - $dbh->quote($now) . - ")"; -REDO_ADD_GROUP: - eval { - $dbh->do($cmd); - }; - if ($dbh->err == 5) { - sleep(1); - goto REDO_ADD_GROUP; - } -} - -sub delete_group { - my ($self, $gid) = @_; - my $dbh = $self->{dbh}; - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - - my $cmd = "delete from roles where gid=" . $dbh->quote($gid); - $dbh->do($cmd); - $cmd = "delete from groups where gid=" . $dbh->quote($gid); - $dbh->do($cmd); -} - -sub list_users { - my ($self, $startpos, $maxcount) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from users " . - "order by uid desc " . - "limit $startpos, $maxcount"; - my $sth = $dbh->prepare($select); - $sth->execute(); - my @reqs; - while (my $ref = $sth->fetchrow_hashref()) { - push(@reqs, $ref); - } - $sth->finish(); - return @reqs; -} - -sub list_groups { - my ($self, $startpos, $maxcount) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from groups " . - "order by gid desc " . - "limit $startpos, $maxcount"; - my $sth = $dbh->prepare($select); - $sth->execute(); - my @reqs; - while (my $ref = $sth->fetchrow_hashref()) { - push(@reqs, $ref); - } - $sth->finish(); - return @reqs; -} -####################################### -# Closes this store -####################################### -sub close { - my ($self) = @_; - my $dbh = $self->{dbh}; - $dbh->disconnect(); -} - -1; diff --git a/base/ra/lib/perl/PKI/Base/Util.pm b/base/ra/lib/perl/PKI/Base/Util.pm deleted file mode 100755 index f01062e42..000000000 --- a/base/ra/lib/perl/PKI/Base/Util.pm +++ /dev/null @@ -1,155 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# -package PKI::Base::Util; - -use Time::Local; - -use DBI; -use HTML::Entities; - -####################################### -# Constructs a util -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub get_val() -{ - my ($self, $s) = @_; - return $s; -} - -sub get_integer_val() -{ - my ($self, $s) = @_; - return $s; -} - -sub get_string_val() -{ - my ($self, $s) = @_; - return $s; -} - -sub get_alphanum_val() -{ - my ($self, $s) = @_; - $s =~ s/[^A-Za-z0-9 ]*//g; - return $s; -} - -sub normalize_csr() -{ - my ($self, $s) = @_; - $s =~ s/-----BEGIN CERTIFICATE REQUEST-----//g; - $s =~ s/-----END CERTIFICATE REQUEST-----//g; - $s =~ s/-----BEGIN NEW CERTIFICATE REQUEST-----//g; - $s =~ s/-----END NEW CERTIFICATE REQUEST-----//g; - $s =~ s/\s//g; - return $s; -} - -sub breakline() -{ - my ($self, $s, $maxlen) = @_; - - my $new_s; - my $i = 0; - foreach my $c (split(//, $s)) { - if ($i == $maxlen) { - $i = 0; - $new_s = $new_s . "<br/>"; - } - $new_s = $new_s . $c; - $i++; - } - return $new_s; -} - -sub nv_to_hash() -{ - my ($self, $s) = @_; - my %hash; - my @pairs = split(/;/, $s); - foreach $pair (@pairs) { - my $i = index('=', $pair); - my $n = substr($pair, 0, $i-1); - my $v = substr($pair, $i); - $hash{$n} = $v; - } - return \%hash; -} - -sub nv_to_str() -{ - my ($self, $hash) = @_; - my $s = ""; - foreach $k (keys %$hash) { - if ($s eq "") { - $s = $k . "=" . $$hash{$k}; - } else { - $s = $s . ";" . $k . "=" . $$hash{$k}; - } - } - return $s; -} - -sub test() -{ - my %h; - $h{'x'} = 'y'; - $h{'z'} = 'y'; - my $o = PKI::Base::NameValueUtil->new(); - print $o->to_str(\%h) . "\n"; - print $o->to_str($o->to_hash("5=1;c=2")) . "\n"; -} - -sub html_encode() -{ - my ($self, $s) = @_; - return HTML::Entities::encode($s); -} - -sub html_encode_and_break() -{ - my ($self, $s, $maxlen) = @_; - my $new_s = ''; - my $i = 0; - foreach my $c (split(//, $s)) { - if ($i == $maxlen) { - $i = 0; - $new_s = $new_s . '***'; - } - $new_s = $new_s . $c; - $i++; - } - $s = HTML::Entities::encode($new_s); - $s =~ s/\*\*\*/<br\/>/g; - return $s; -} - -1; diff --git a/base/ra/lib/perl/PKI/Conn/CA.pm b/base/ra/lib/perl/PKI/Conn/CA.pm deleted file mode 100644 index f3c8834ed..000000000 --- a/base/ra/lib/perl/PKI/Conn/CA.pm +++ /dev/null @@ -1,390 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# -package PKI::Conn::CA; - -use URI::URL; -use URI::Escape; -use XML::Simple; -use Data::Dumper; -use DBI; -use PKI::Base::TimeTool; -use PKI::Base::CertStore; -use PKI::Base::Util; -use PKI::Request::Queue; - -####################################### -# Constructs a request queue -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -####################################### -# Opens request queue -####################################### -sub open { - my ($self, $cfg) = @_; - $self->{cfg} = $cfg; - my $certstore = PKI::Base::CertStore->new(); - $certstore->open($cfg); - $self->{certstore} = $certstore; -} - -####################################### -# Enrolls -####################################### -sub enroll { - my ($self, $rid, $con_id, $profile_id, $cert_request_type, $cert_request) = @_; - - my $cfg = $self->{cfg}; - my $instdir = $cfg->get("service.instanceDir"); - my $db_password; - - my $nickname = $cfg->get("conn." . $con_id . ".clientNickname"); - my $cahostport = $cfg->get("conn." . $con_id . ".hostport"); - my ($host, $port) = split(/:/, $cahostport); - - if ($nickname =~ /(.*):(.*)/) { - $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | awk -F: '{print \$2}'`; - } else { - $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`; - } - $db_password =~ s/\n$//g; - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $req = $queue->read_request($rid); - if ($req->{'subject_dn'} ne "unavailable") { - $subject = $req->{'subject_dn'}; - } - - my $tmpfile = "/tmp/tmp-$rid-$$"; - my $params = "profileId=" . $profile_id . "&" . - "requestor_name=" . - URI::Escape::uri_escape("$requestor_name") . "&" . - "cert_request_type=" . $cert_request_type . "&" . - "subject=" . - URI::Escape::uri_escape("$subject") . "&" . - "cert_request=" . - URI::Escape::uri_escape("$cert_request") . "&" . - "xmlOutput=true"; - - system("/usr/bin/sslget -e \"$params\" -d \"$instdir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port > $tmpfile"); - - my $content = `cat $tmpfile`; - if ($content eq "") { - $queue->set_request($rid, "errorString", "CA Connection Error"); - $queue->set_request($rid, "status", "ERROR"); - $queue->close(); - - $queue->close(); - return ""; - } - - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - $content =~ s/\n//g; - - my $xmlparser = XML::Simple->new(); - my $response = $xmlparser->XMLin($content); - - my $status = $response->{Status}; - if ($status ne "0") { - my $errorString = $response->{Error}; - - $queue->set_request($rid, "errorString", "CA: ".$errorString); - $queue->set_request($rid, "status", "ERROR"); - - $queue->close(); - return ""; - } - - #reset to 0 in case of re-approval - $queue->set_request($rid, "errorString", "0"); - my $req = $queue->read_request($rid); - my $approved_by = $req->{'processed_by'}; - my $serialno = $response->{Requests}->{Request}->{serialno}; - $queue->set_request($rid, "serialno", $serialno); - my $subject_dn = $response->{Requests}->{Request}->{SubjectDN}; - $queue->set_request($rid, "subject_dn", $subject_dn); - my $cert = $response->{Requests}->{Request}->{b64}; - $queue->close(); - - my $util = PKI::Base::Util->new(); - my $csr = $cert_request; - $csr = $util->normalize_csr($csr); - - $self->{certstore}->add_certificate($serialno, $csr, $subject_dn, $cert, $rid, $approved_by); - - system("rm $tmpfile"); - - return $cert; -} - -sub get_http_content -{ - my ($self, $filename) = @_; - my $data = ""; - my $count = `grep -a Content-Length $filename | cut -d' ' -f2`; - chomp($count); - my $file_size = -s $filename; - my $offset = $file_size - $count; - - open(FP, "<$filename"); - binmode(FP); - seek(FP, $offset-1, 0); - read(FP, $data, $count); - close(FP); - return $data; -} - -####################################### -# Revoke -####################################### -sub revoke { - my ($self, $rid, $con_id, $serialno, $reason) = @_; - - my $cfg = $self->{cfg}; - my $instdir = $cfg->get("service.instanceDir"); - my $db_password; - - my $nickname = $cfg->get("conn." . $con_id . ".clientNickname"); - my $cahostport = $cfg->get("conn." . $con_id . ".hostagentport"); - - if ($nickname =~ /(.*):(.*)/) { - $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | awk -F: '{print \$2}'`; - } else { - $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`; - } - $db_password =~ s/\n$//g; - - my $tmpfile = "/tmp/tmp-revoke-$serialno-$$"; - my ($host, $port) = split(/:/, $cahostport); - my $params = "op=" . "revoke" . "&" . - "revocationReason=" .$reason . "&" . - "revokeAll=(certRecordId=" ."0x".$serialno . ")&" . - "totalRecordCount=" ."1" . "&" . - "xml=true"; - system("/usr/bin/sslget -e \"$params\" -d \"$instdir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/agent/ca/doRevoke\" $host:$port > $tmpfile"); - - my $content = `cat $tmpfile`; - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - if ($content eq "") { - $queue->set_request($rid, "errorString", "CA Connection Error"); -# $queue->set_request($rid, "status", "ERROR"); - $queue->close(); - - $queue->close(); - return ""; - } - $content =~ s/\000//; - $content =~ /(\<xml\>.*\<\/xml\>)/s; - $content = $1; - $content =~ s/\n//g; - - my $req = $queue->read_request($rid); - - my $xmlparser = XML::Simple->new(NormalizeSpace => 2); - my $response = $xmlparser->XMLin($content); - - my $errorString = $response->{fixed}->{errorDetails}; - my $revoked = $response->{header}->{revoked}; - - if ($revoked ne "yes") { - $queue->set_request($rid, "errorString", "CA:".$errorString); - } else { - $queue->set_request($rid, "errorString", "0"); - } - system("rm $tmpfile"); - - $queue->close(); - return; -} - -####################################### -# Get Certificate Status -####################################### -sub getCertStatus { - my ($self, $con_id, $serialno) = @_; - - my $cfg = $self->{cfg}; - my $instdir = $cfg->get("service.instanceDir"); - my $db_password; - - my $nickname = $cfg->get("conn." . $con_id . ".clientNickname"); - my $cahostport = $cfg->get("conn." . $con_id . ".hostport"); - my ($host, $port) = split(/:/, $cahostport); - - if ($nickname =~ /(.*):(.*)/) { - $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | awk -F: '{print \$2}'`; - } else { - $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`; - } - $db_password =~ s/\n$//g; - - - my $tmpfile = "/tmp/tmp-$serialno-$$"; - my $params = "serialNumber=" . "0x".$serialno . "&" . - "xml=true"; - system("/usr/bin/sslget -e \"$params\" -d \"$instdir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/displayBySerial\" $host:$port > $tmpfile"); - - my $content = `cat $tmpfile`; - system("rm $tmpfile"); - if ($content eq "") { - return "CA: Connection Error"; - system("rm $tmpfile"); - } - - $content =~ /(\<xml\>.*\<\/xml\>)/s; - $content = $1; - $content =~ s/\n//g; - - my $xmlparser = XML::Simple->new(NormalizeSpace => 2); - my $response = $xmlparser->XMLin($content); - - my $errorString = $response->{fixed}->{errorDetails}; - my $revokeReason = $response->{header}->{revocationReason}; - - if ($revokeReason eq "") { - if ($errorString eq "") { - return "not revoked"; - } else { - return "CA:".$errorString; - } - } else { - return "revoked:".$revokeReason; - } -} - -####################################### -# SCEP -####################################### -sub scep_get_ca_cert { - my ($self, $con_id, $operation, $message) = @_; - - my $cfg = $self->{cfg}; - my $instdir = $cfg->get("service.instanceDir"); - my $db_password; - - my $nickname = $cfg->get("conn." . $con_id . ".clientNickname"); - my $cahostport = $cfg->get("conn." . $con_id . ".hostport"); - my ($host, $port) = split(/:/, $cahostport); - - if ($nickname =~ /(.*):(.*)/) { - $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | awk -F: '{print \$2}'`; - } else { - $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`; - } - $db_password =~ s/\n$//g; - - my $tmpfile = "/tmp/tmp-$$"; - my $params = "operation=" . $operation . "&" . - "message=" . $message; - system("/usr/bin/sslget -e \"$params\" -d \"$instdir/alias\" -p \"$db_password\" -n \"$nickname\" -r \"/ca/ee/ca/pkiclient\" $host:$port > $tmpfile"); - - - my $content = $self->get_http_content($tmpfile); - - system("rm $tmpfile"); - - return $content; -} - -# decode PKI Message -sub scep_decode { - my ($self, $con_id, $operation, $message) = @_; - - my $cfg = $self->{cfg}; - my $instdir = $cfg->get("service.instanceDir"); - my $db_password; - - my $nickname = $cfg->get("conn." . $con_id . ".clientNickname"); - my $cahostport = $cfg->get("conn." . $con_id . ".hostport"); - my ($host, $port) = split(/:/, $cahostport); - - if ($nickname =~ /(.*):(.*)/) { - $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | awk -F: '{print \$2}'`; - } else { - $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`; - } - $db_password =~ s/\n$//g; - - my $tmpfile = "/tmp/tmp-$$"; - my $params = "operation=" . $operation . "&" . - "message=" . $message . "&" . - "decode=true"; - system("/usr/bin/sslget -e \"$params\" -d \"$instdir/alias\" -p \"$db_password\" -n \"$nickname\" -r \"/ca/ee/ca/pkiclient\" $host:$port > $tmpfile"); - - - my $content = $self->get_http_content($tmpfile); - - system("rm $tmpfile"); - - return $content; -} - -sub scep_pki_message { - my ($self, $con_id, $operation, $message) = @_; - - my $cfg = $self->{cfg}; - my $instdir = $cfg->get("service.instanceDir"); - my $db_password; - - my $nickname = $cfg->get("conn." . $con_id . ".clientNickname"); - my $cahostport = $cfg->get("conn." . $con_id . ".hostport"); - my ($host, $port) = split(/:/, $cahostport); - - if ($nickname =~ /(.*):(.*)/) { - $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | awk -F: '{print \$2}'`; - } else { - $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`; - } - $db_password =~ s/\n$//g; - - my $tmpfile = "/tmp/tmp-$$"; - my $params = "operation=" . $operation . "&" . - "message=" . $message; - system("/usr/bin/sslget -e \"$params\" -d \"$instdir/alias\" -p \"$db_password\" -n \"$nickname\" -r \"/ca/ee/ca/pkiclient\" $host:$port > $tmpfile"); - - - my $content = $self->get_http_content($tmpfile); - - system("rm $tmpfile"); - - return $content; -} - - -####################################### -# Closes connection -####################################### -sub close { - my ($self) = @_; - $self->{certstore}->close(); -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/AdminAuthPanel.pm b/base/ra/lib/perl/PKI/RA/AdminAuthPanel.pm deleted file mode 100755 index 656dc2d5e..000000000 --- a/base/ra/lib/perl/PKI/RA/AdminAuthPanel.pm +++ /dev/null @@ -1,86 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::AdminAuthPanel; -$PKI::RA::AdminAuthPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(8); - $self->{"getName"} = &PKI::RA::Common::r("Admin Authentication"); - $self->{"vmfile"} = "adminauthenticatepanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AdminAuthPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AdminAuthPanel: update"); - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AdminAuthPanel: display"); - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/AdminPanel.pm b/base/ra/lib/perl/PKI/RA/AdminPanel.pm deleted file mode 100755 index a5538ef54..000000000 --- a/base/ra/lib/perl/PKI/RA/AdminPanel.pm +++ /dev/null @@ -1,227 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; -use URI::Escape; -use DBI; - -package PKI::RA::AdminPanel; -$PKI::RA::AdminPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(14); - $self->{"getName"} = &PKI::RA::Common::r("Administrator"); - $self->{"vmfile"} = "adminpanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AdminPanel: validate"); - return 1; -} - - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AdminPanel: update"); - - my $uid = $q->param("uid"); - my $name = $q->param("name"); - my $email = $q->param("email"); - my $password = $q->param("__pwd"); - my $password_again = $q->param("__admin_password_again"); - - my $cert_request = $q->param("cert_request"); - my $subject = $q->param("subject"); - my $profile_id = $q->param("profileId"); - my $cert_request_type = $q->param("cert_request_type"); - - $cert_request =~ s/%0D%0A//g; # remove carraige return - - # submit request to CA - - # Admin Certificate should be obtained from the ca selected in the - # name panel. If name panel use External CA, the admin certificate - # will be issued by the security domain CA. - my $cainfo = $::config->get("preop.ca.url"); - &PKI::RA::Wizard::debug_log("AdminPanel: preop.ca.url=$cainfo"); - if ($cainfo eq "" || $cainfo =~ /:$/) { - $cainfo = $::config->get("config.sdomainEEURL"); - &PKI::RA::Wizard::debug_log("AdminPanel: config.sdomainEEURL=$cainfo"); - } - &PKI::RA::Wizard::debug_log("AdminPanel: Connecting to CA: $cainfo"); - my $cainfo_url = new URI::URL($cainfo); - my $sdom = $::config->get("config.sdomainEEURL"); - my $sdom_url = new URI::URL($sdom); - - my $machineName = $::config->get("service.machineName"); - my $securePort = $::config->get("service.securePort"); - my $session_id = $::config->get("preop.sessionID"); - - my $tokenname = $::config->get("preop.module.token"); - my $token_pwd = $::pwdconf->get($tokenname); - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - - my $requestor_name = "RA-" . $machineName . "-" . $securePort; - - my $params = "profileId=" . $profile_id . "&" . - "requestor_name=" . $requestor_name . "&" . - "cert_request_type=" . $cert_request_type . "&" . - "subject=" . $subject . "&" . - "cert_request=" . - URI::Escape::uri_escape("$cert_request") . "&" . - "xmlOutput=true" . "&" . - "sessionID=" . $session_id . "&" . - "auth_hostname=" . $sdom_url->host . "&" . - "auth_port=" . $sdom_url->port; - - my $ca_host = $cainfo_url->host; - my $https_ee_port = $cainfo_url->port; - my $content = ""; - my $tmpfile = "/tmp/admin-$$"; - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $ca_host:$https_ee_port > $tmpfile"); - $content = `cat $tmpfile`; - } else { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $ca_host:$https_ee_port > $tmpfile"); - $content = `cat $tmpfile`; - } - system("rm $tmpfile"); - &PKI::RA::Wizard::debug_log("req = " . $content); - - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - - # create user in internal database - &PKI::RA::Wizard::debug_log("AdminPanel: Creating user in internal database"); - # use scripts/addAgents.ldif - - my $parser = XML::Simple->new(); - my $response = $parser->XMLin($content); - my $admincert = $response->{Requests}->{Request}->{b64}; - &PKI::RA::Wizard::debug_log("AdminPanel: admincert " . $admincert); - - # create local database - my $dbh = DBI->connect( - "dbi:SQLite:dbname=$instanceDir/conf/dbfile","",""); - my $insert = "insert into users (" . - "uid" . "," . - "name" . "," . - "password" . "," . - "email" . "," . - "certificate" . - ") values (" . - $dbh->quote($uid) . "," . - $dbh->quote($name) . "," . - $dbh->quote($password) . "," . - $dbh->quote($email) . "," . - $dbh->quote($admincert) . - ")"; - $dbh->do($insert); - $insert = "insert into roles (" . - "uid" . "," . - "gid" . - ") values (" . - $dbh->quote($uid) . "," . - $dbh->quote("administrators") . - ")"; - $dbh->do($insert); - $insert = "insert into roles (" . - "uid" . "," . - "gid" . - ") values (" . - $dbh->quote($uid) . "," . - $dbh->quote("agents") . - ")"; - $dbh->do($insert); - $dbh->disconnect(); - - my $reqid = $response->{Requests}->{Request}->{Id}; - $::config->put("preop.admincert.requestId.0", $reqid); - my $sn = $response->{Requests}->{Request}->{serialno}; - $::config->put("preop.admincert.serialno.0", $sn); - - # update email address - $::config->put("request.agent.create_request.1.mailTo", $email); - $::config->put("request.scep.create_request.1.mailTo", $email); - $::config->put("request.server.create_request.1.mailTo", $email); - $::config->put("request.user.create_request.1.mailTo", $email); - - $::config->commit(); - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AdminPanel: display"); - $::symbol{admin_uid} = "admin"; - $::symbol{admin_name} = "RA Administrator"; - $::symbol{admin_email} = ""; - $::symbol{admin_pwd} = ""; - $::symbol{admin_pwd_again} = ""; - $::symbol{import} = "true"; - my $domain_name = $::config->get("preop.securitydomain.name"); - $::symbol{securityDomain} = $domain_name; - - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/AgentAuthPanel.pm b/base/ra/lib/perl/PKI/RA/AgentAuthPanel.pm deleted file mode 100755 index 1ada5ad54..000000000 --- a/base/ra/lib/perl/PKI/RA/AgentAuthPanel.pm +++ /dev/null @@ -1,86 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::AgentAuthPanel; -$PKI::RA::AgentAuthPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(7); - $self->{"getName"} = &PKI::RA::Common::r("Agent Authentication"); - $self->{"vmfile"} = "agentauthenticatepanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AgentAuthPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AgentAuthPanel: update"); - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AgentAuthPanel: display"); - return 1; -} - - -1; diff --git a/base/ra/lib/perl/PKI/RA/BasePanel.pm b/base/ra/lib/perl/PKI/RA/BasePanel.pm deleted file mode 100755 index 5cb4d7697..000000000 --- a/base/ra/lib/perl/PKI/RA/BasePanel.pm +++ /dev/null @@ -1,40 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::BasePanel; -$PKI::RA::BasePanel::VERSION = '1.00'; - -sub new { - my ($class) = @_; - my $self = {}; - bless $self, $class; - return $self; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm b/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm deleted file mode 100755 index 4cc65e5cf..000000000 --- a/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm +++ /dev/null @@ -1,289 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; - -package PKI::RA::CAInfoPanel; -$PKI::RA::CAInfoPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -our $cert_header="-----BEGIN CERTIFICATE-----"; -our $cert_footer="-----END CERTIFICATE-----"; - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(4); - $self->{"getName"} = &PKI::RA::Common::r("CA Information"); - $self->{"vmfile"} = "cainfopanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CAInfoPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CAInfoPanel: update"); - - my $count = $q->param('urls'); - &PKI::RA::Wizard::debug_log("CAInfoPanel: update - got urls = $count"); - - &PKI::RA::Wizard::debug_log("CAInfoPanel: update - selected ca= $count"); - - my $instanceID = $::config->get("service.instanceID"); - my $host = ""; - my $https_ee_port = ""; - my $https_agent_port = ""; - my $https_admin_port = ""; - my $domain_xml = ""; - - if ($count =~ /http/) { - my $info = new URI::URL($count); - $host = $info->host; - $https_ee_port = $info->port; - $domain_xml = get_domain_xml($host, $https_ee_port); - if ($domain_xml eq "") { - $::symbol{errorString} = "missing security domain. CA must be installed prior to RA installation"; - return 0; - } - - $https_agent_port = get_secure_agent_port_from_domain_xml($domain_xml, $host, $https_ee_port); - $https_admin_port = get_secure_admin_port_from_domain_xml($domain_xml, $host, $https_ee_port); - - if(($https_admin_port eq "") || ($https_agent_port eq "")) { - $::symbol{errorString} = "missing secure CA admin or agent port. CA must be installed prior to RA installation"; - return 0; - } - } else { - $host = $::config->get("preop.securitydomain.ca$count.host"); - $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport"); - $https_agent_port = $::config->get("preop.securitydomain.ca$count.secureagentport"); - $https_admin_port = $::config->get("preop.securitydomain.ca$count.secureadminport"); - } - - if (($host eq "") || ($https_ee_port eq "") || ($https_admin_port eq "") || ($https_agent_port eq "")) { - $::symbol{errorString} = "no CA found. CA must be installed prior to RA installation"; - return 0; - } - - &PKI::RA::Wizard::debug_log("CAInfoPanel: update - host= $host, https_ee_port= $https_ee_port"); - - $::config->put("preop.cainfo.select", "https://$host:$https_admin_port"); - my $serverCertNickName = $::config->get("preop.cert.sslserver.nickname"); - - my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname"); - $::config->put("conn.ca1.clientNickname", $subsystemCertNickName); - $::config->put("conn.ca1.hostport", $host . ":" . $https_ee_port); - $::config->put("conn.ca1.hostagentport", $host . ":" . $https_agent_port); - $::config->put("conn.ca1.hostadminport", $host . ":" . $https_admin_port); - - $::config->commit(); - - # connect to the CA, and retrieve the CA certificate - &PKI::RA::Wizard::debug_log("CAInfoPanel: update connecting to CA and retrieve cert chain"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - my $tmpfile = "/tmp/ca-$$"; - system("/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$serverCertNickName\" -r \"/ca/ee/ca/getCertChain\" $host:$https_ee_port > $tmpfile"); - my $cmd = `cat $tmpfile`; - system("rm $tmpfile"); - my $caCert; - if ($cmd =~ /\<ChainBase64\>(.*)\<\/ChainBase64\>/) { - $caCert = $1; - &PKI::RA::Wizard::debug_log("CAInfoPanel: ca= $caCert"); - } - if ($caCert eq "") { - &PKI::RA::Wizard::debug_log("CAInfoPanel: update no cert chain found"); - return 0; - } - open(F, ">$instanceDir/conf/caCertChain2.txt"); - print F $cert_header."\n".$caCert."\n".$cert_footer; - close(F); - - &PKI::RA::Wizard::debug_log("CAInfoPanel: update retrieve cert chain done"); - - #import cert chain - system("p7tool -d $instanceDir/alias -p $instanceDir/conf/chain2cert -a -i $instanceDir/conf/caCertChain2.txt -o $instanceDir/conf/CAchain2_pp.txt"); - my $r = $? >> 8; - my $failed = $? & 127; - if (($r > 0) && ($r < 10) && !$failed) { - my $i = 0; - while ($i ne $r) { - my $tmp = `certutil -d $instanceDir/alias -D -n "Trusted CA c2cert$i"`; - $tmp = `certutil -d $instanceDir/alias -A -f $instanceDir/conf/.pwfile -n "Trusted CA c2cert$i" -t "CT,C,C" -i $instanceDir/conf/chain2cert$i.der`; - $i++; - } - } - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CAInfoPanel: display"); - - $::symbol{urls} = []; -# unshift(@{$::symbol{urls}}, "External CA"); - my $count = 0; - my $first = 1; - my $list = ""; - while (1) { - my $host = $::config->get("preop.securitydomain.ca$count.host"); - if ($host eq "") { - goto DONE; - } - my $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport"); - my $name = $::config->get("preop.securitydomain.ca$count.subsystemname"); - my $item = $name . " - https://" . $host . ":" . $https_ee_port; -# my $item = "https://" . $host . ":" . $https_ee_port; -# unshift(@{$::symbol{urls}}, $item); - $::symbol{urls}[$count++] = $item; - if ($first eq 1) { - $list = $item; - $first = 0; - } else { - $list = $list.",".$item; - } - } -DONE: -# $list = $list.",External CA"; - $::config->put("preop.ca.list", $list); - - $::symbol{urls_size} = $count; - if ($count eq 0) { - $::symbol{errorString} = "no CA found. CA, TKS, and optionally DRM must be installed prior to RA installation"; - return 0; - } - return 1; -} - -sub get_domain_xml -{ - my $host = $1; - my $https_ee_port = $2; - - # get the domain xml - # e. g. - https://water.sfbay.redhat.com:9445/ca/admin/ca/getDomainXML - - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - - my $sd_host = $::config->get("securitydomain.host"); - my $sd_admin_port = $::config->get("securitydomain.httpsadminport"); - my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; - - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - return $content; -} - -sub get_secure_admin_port_from_domain_xml -{ - my $content = $1; - my $host = $2; - my $https_ee_port = $3; - - # Retrieve the secure admin port corresponding - # to the selected host and secure ee port. - my $parser = XML::Simple->new(); - my $response = $parser->XMLin($content); - my $xml = $parser->XMLin( $response->{'DomainInfo'}, - ForceArray => 1 ); - my $https_admin_port = ""; - my $count = 0; - foreach my $c (@{$xml->{'CAList'}[0]->{'CA'}}) { - if( ( $host eq $c->{'Host'}[0] ) && - ( $https_ee_port eq $c->{'SecurePort'}[0] ) ) { - $https_admin_port = https_$c->{'SecureAdminPort'}[0]; - } - - $count++; - } - - return $https_admin_port; -} - -sub get_secure_agent_port_from_domain_xml -{ - my $content = $1; - my $host = $2; - my $https_ee_port = $3; - - # Retrieve the secure agent port corresponding - # to the selected host and secure ee port. - my $parser = XML::Simple->new(); - my $response = $parser->XMLin($content); - my $xml = $parser->XMLin( $response->{'DomainInfo'}, - ForceArray => 1 ); - my $https_agent_port = ""; - my $count = 0; - foreach my $c (@{$xml->{'CAList'}[0]->{'CA'}}) { - if( ( $host eq $c->{'Host'}[0] ) && - ( $https_ee_port eq $c->{'SecurePort'}[0] ) ) { - $https_agent_port = https_$c->{'SecureAgentPort'}[0]; - } - - $count++; - } - - return $https_agent_port; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/CertInfo.pm b/base/ra/lib/perl/PKI/RA/CertInfo.pm deleted file mode 100755 index d1a8c3817..000000000 --- a/base/ra/lib/perl/PKI/RA/CertInfo.pm +++ /dev/null @@ -1,133 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::CertInfo; -$PKI::RA::CertInfo::VERSION = '1.00'; - -sub new { - my ($class, $name, $dn, $tag) = @_; - my $self = {}; - - &PKI::RA::Wizard::debug_log("CertInfo: start new"); - $self->{"getUserFriendlyName"} = \&get_user_friendly_name; - $self->{"getCertTag"} = \&get_cert_tag; - $self->{"getDN"} = \&get_dn; - $self->{"getNickname"} = \&get_nickname; - $self->{"useDefaultKey"} = \&use_default_key; - $self->{"getCustomKeysize"} = \&get_custom_keysize; - $self->{"keyOption"} = \&get_key_option; - &PKI::RA::Wizard::debug_log("CertInfo: end new"); - - $self->{name} = $name; - $self->{dn} = $dn; - $self->{tag} = $tag; - - bless $self, $class; - return $self; -} - -sub get_user_friendly_name -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("CertInfo: get_user_friendly_name"); - return $self->{name}; -} - -sub get_cert_tag -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("CertInfo: get_cert_tag"); - return $self->{tag}; -} - -sub get_dn -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("CertInfo: get_cert_dn"); - return $self->{dn}; -} - -sub use_default_key -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("CertInfo: use_default_key"); - my $option = $::config->get("preop.cert.$self->{tag}.keysize.select"); - if (($option ne "") && ($option ne "default")) { - return 0; - } - return 1; -} - -sub get_nickname -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("CertInfo: get_nickname"); - my $nickname = $::config->get("preop.cert.$self->{tag}.nickname"); - - my $flavor = "pki"; - $flavor =~ s/\n//g; - - if ($nickname ne "") { - return $nickname; - } else { - return $self->{tag}."cert cert-$flavor-ra"; - } -} - -sub get_key_option -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("CertInfo: get_key_option"); - my $option = $::config->get("preop.cert.$self->{tag}.keysize.select"); - - if ($option ne "") { - &PKI::RA::Wizard::debug_log("CertInfo: get_key_option from config = $option"); - return $option; - } else { - &PKI::RA::Wizard::debug_log("CertInfo: get_key_option not from config"); - return "default"; - } -} - -sub get_custom_keysize -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("CertInfo: get_custom_keysize"); - my $size = $::config->get("preop.cert.$self->{tag}.keysize.customsize"); - &PKI::RA::Wizard::debug_log("CertInfo: get_custom_keysize for preop.cert.$self->{tag}.keysize.customsize is $size"); - if ($size ne "") { - &PKI::RA::Wizard::debug_log("CertInfo: get_custom_keysize from config is $size"); - return $size; - } else { - &PKI::RA::Wizard::debug_log("CertInfo: get_custom_keysize not from config"); - return 2048; - } -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/CertPrettyPrintPanel.pm b/base/ra/lib/perl/PKI/RA/CertPrettyPrintPanel.pm deleted file mode 100755 index cf58d2327..000000000 --- a/base/ra/lib/perl/PKI/RA/CertPrettyPrintPanel.pm +++ /dev/null @@ -1,85 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::CertPrettyPrintPanel; -$PKI::RA::CertPrettyPrintPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(13); - $self->{"getName"} = &PKI::RA::Common::r("Certificates"); - $self->{"vmfile"} = "certprettyprintpanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CertPrettyPrintPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CertPrettyPrintPanel: update"); - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CertPrettyPrintPanel: display"); - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/CertRequestPanel.pm b/base/ra/lib/perl/PKI/RA/CertRequestPanel.pm deleted file mode 100755 index 51eb1d400..000000000 --- a/base/ra/lib/perl/PKI/RA/CertRequestPanel.pm +++ /dev/null @@ -1,301 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use PKI::RA::ReqCertInfo; -use FileHandle; - -package PKI::RA::CertRequestPanel; -$PKI::RA::CertRequestPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -our $cert_req_header="-----BEGIN NEW CERTIFICATE REQUEST-----"; -our $cert_req_footer="-----END NEW CERTIFICATE REQUEST-----"; -our $cert_header="-----BEGIN CERTIFICATE-----"; -our $cert_footer="-----END CERTIFICATE-----"; - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(13); - $self->{"getName"} = &PKI::RA::Common::r("Certificate Requests"); - $self->{"vmfile"} = "certrequestpanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CertRequestPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CertRequestPanel: update"); - - my $i = 0; - - my $instanceDir = $::config->get("service.instanceDir"); - - my $useExternalCA = $::config->get("preop.certenroll.useExternalCA"); - if ($useExternalCA eq "on") { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: useExternalCA is on"); - } else { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: useExternalCA is off"); - &PKI::RA::Wizard::debug_log("CertRequestPanel: update auto enrollment should have been done, no more action needed"); - return 1; - } - - &PKI::RA::Wizard::debug_log("CertRequestPanel: update External CA selected, retrieve/process user input"); - - my $tokenname = $::config->get("preop.module.token"); - &PKI::RA::Wizard::debug_log("CertRequestPanel: update got token name = $tokenname"); - my $token_pwd = $::pwdconf->get($tokenname); - $token_pwd =~ s/\n//g; - open FILE, ">$instanceDir/conf/.pwfile"; - system( "chmod 00660 $instanceDir/conf/.pwfile" ); - print FILE $token_pwd; - close FILE; - - my $hw; - my $tk; - - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - $hw = ""; - $tk = ""; - } else { - $hw = "-h $tokenname"; - $tk = $tokenname.":"; - } - - foreach my $certtag (@PKI::RA::Wizard::certtags) { - if ($certtag eq "subsystem") { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: subsystem cert is pre-generated by the security domain"); - return 1; - } - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: for certag= $certtag"); - my $ccert = $::config->get("preop.cert.$certtag.cert"); - if ($ccert ne "") { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: cert already exists in CS.cfg, go to next"); - next; - } - my $certchain = $q->param($certtag.'_cc'); - if ($certchain ne "") { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: $certtag certchain is $certchain"); - my $cc_fn = "$instanceDir/conf/caCertChain.txt"; - my $tmp = `echo "$certchain" > $cc_fn`; - # remove existing one - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: try to delete existing certchain, if any....ok if it fails"); -# XXX remove should not be done lightly... - $tmp = `p7tool -d $instanceDir/alias -p $instanceDir/conf/chain1cert -a -i $cc_fn -o $instanceDir/conf/CAchain_pp.txt`; - my $r = $? >> 8; - my $failed = $? & 127; - if (($r > 0) && ($r < 10) && !$failed) { - my $i = 0; - while ($i ne $r) { - $tmp = `certutil -d $instanceDir/alias -D -n "Trusted CA $certtag cert$i"`; - $tmp = `certutil -d $instanceDir/alias -A -f $instanceDir/conf/.pwfile -n "Trusted CA $certtag cert$i" -t "CT,C,C" -i $instanceDir/conf/chain1cert$i.der`; -# $tmp = `rm $cc_fn`; - $i++ - } - } - } else { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: no certchain included for certtag $certtag"); - } - - my $cert = $q->param($certtag); - if ($cert ne "") { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: $certtag cert is $cert"); - my $nickname = $::config->get("preop.cert.$certtag.nickname"); - if ($nickname eq "") { - $nickname = "RA ".$certtag." cert"; - $::config->put("preop.cert.$certtag.nickname", $nickname); - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: $certtag cert nickname not found in CS.cfg, generating one= $nickname"); - } - #remove existing one - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: try to delete existing cert $nickname, if any....ok if it fails"); -#XXX remove should not be done lightly... - my $tmp = `certutil -d $instanceDir/alias -D -n "$nickname"`; - $tmp = `certutil -d $instanceDir/alias -D $hw -f $instanceDir/conf/.pwfile -n "$tk$nickname"`; - #now import the cert - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: try to import cert"); - my $cert_fn = "$instanceDir/conf/$certtag"."_cert.txt"; - $tmp = `echo "$cert" > $cert_fn`; - -# $cert = extract_cert_from_file_sans_header_and_footer($cert_fn); - my $certa =""; - my $save_line = 0; - my @cert_a = split "\n", $cert; - foreach my $line (@cert_a) { - chomp( $line ); - $line =~ s/\r//g; - if ($line eq $cert_header) { - $save_line = 1; - } elsif( $line eq $cert_footer ) { - $save_line = 0; - last; - } elsif( $save_line == 1 ) { - $certa .= "$line"; - } - } - - &PKI::RA::Wizard::debug_log("CertRequestPanel: update putting cert in CS.cfg: $certa"); - - $::config->put("preop.cert.$certtag.cert", $certa); - - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: about to certutil -d $instanceDir/alias $hw -A -f $instanceDir/conf/.pwfile -n $nickname -t u,u,u -a -i $cert_fn"); - $tmp = `certutil -d $instanceDir/alias $hw -A -f $instanceDir/conf/.pwfile -n "$nickname" -t "u,u,u" -a -i $cert_fn`; - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: done certutil: $tmp"); - $tmp = `rm $cert_fn`; - - # changed the cert, need to change nickname too, if necessary - if ($hw ne "") { - $::config->put("preop.cert.$certtag.nickname", "$tk$nickname"); - if ($certtag eq "subsystem") { - $::config->put("conn.ca1.clientNickname","$tk$nickname"); - $::config->put("conn.drm1.clientNickname","$tk$nickname"); - $::config->put("conn.tks1.clientNickname","$tk$nickname"); - } - } - - } else { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: no cert"); - } - } - -DONE: - $::config->commit(); - my $tmp = `rm $instanceDir/conf/.pwfile`; - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CertRequestPanel: display"); - - my $domain_name = $::config->get("preop.securitydomain.name"); - if ($domain_name eq "") { - $domain_name = "RA Domain"; - } - my $machine_name = $::config->get("service.machineName"); - my $instance_id = $::config->get("service.instanceID"); - - my $i = 0; - foreach my $certtag (@PKI::RA::Wizard::certtags) { - my $cert_dn = $::config->get("preop.cert.".$certtag.".dn"); - if ($cert_dn eq "") { - if ($certtag eq "subsystem") { - $cert_dn = "CN=RA Subsystem, " . - "OU=" . $instance_id . ", " . - "O=" . $domain_name; - } elsif ($certtag eq "sslserver") { - $cert_dn ="CN=" . $machine_name . ", " . - "OU=" . $instance_id . ", " . - "O=" . $domain_name; - } else { - $cert_dn = $certtag; - } - } - - my $name = $::config->get("preop.cert.".$certtag.".userfriendlyname"); - if ($name eq "") { - $name = $certtag."Cert ".$instance_id; - } - - my $reqcert = new PKI::RA::ReqCertInfo($name, - $cert_dn, $certtag); - $::symbol{reqscerts}[$i++] = $reqcert; - } - - $::symbol{errorString} = ""; - $::symbol{showApplyButton} = "true"; - - return 1; -} - -# arg0 message containing certificate -# return certificate sans header and footer -# -- all in a one-liner -sub extract_cert_from_file_sans_header_and_footer -{ - my $filename = $_[0]; - my $save_line = 0; - - my $fd = new FileHandle; - - my $cert = ""; - - $fd->open( "<$filename" ) or die "Could not open '$filename'!\n"; - - while( <$fd> ) - { - my $line = $_; - chomp( $line ); - $line =~ s/^M//g; - - if( $line eq $cert_header ) { - $save_line = 1; - } elsif( $line eq $cert_footer ) { - $save_line = 0; - last; - } elsif( $save_line == 1 ) { - $cert .= "$line"; - } - } - - $fd->close(); - - return $cert; -} - - -1; diff --git a/base/ra/lib/perl/PKI/RA/Common.pm b/base/ra/lib/perl/PKI/RA/Common.pm deleted file mode 100755 index 8deab8c6c..000000000 --- a/base/ra/lib/perl/PKI/RA/Common.pm +++ /dev/null @@ -1,50 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package PKI::RA::Common; - -use strict; -use warnings; -use Exporter; - -use vars qw(@ISA @EXPORT @EXPORT_OK); -@ISA = qw(Exporter Autoloader); -@EXPORT = qw(r yes no); - -$PKI::RA::Common::VERSION = '1.00'; - -sub yes { - return sub {1}; -} - -sub no { - return sub {0}; -} - -sub r { - my $a = shift; - return sub { $a; } -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/Config.pm b/base/ra/lib/perl/PKI/RA/Config.pm deleted file mode 100755 index f1ace5b03..000000000 --- a/base/ra/lib/perl/PKI/RA/Config.pm +++ /dev/null @@ -1,170 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package PKI::RA::Config; - -use strict; -use warnings; -use Exporter; - -$PKI::RA::Config::VERSION = '1.00'; - -####################################################### -# Configuration Store -####################################################### -sub new { - my $class = shift; - my $self = {}; - my %hash = (); - $self->{filename} = ""; - $self->{hash} = \%hash; - bless $self,$class; - return $self; -} - -sub load_file -{ - my ($self, $filename) = @_; - - $self->{filename} = $filename; - if (-e $filename) { - open(CF, "<$filename"); - if (defined fileno CF) { - while (<CF>) { - if (/^#/) { - # comments - } elsif (/([^=]+)=(.*)$/) { - # print "$1 = $2\n"; - $self->{hash}{$1} = $2; - } else { - # preserve comments - } - } - } - close(CF); - } -} - -sub get_filename -{ - my ($self) = @_; - return $self->{filename}; -} - -sub get -{ - my ($self, $n) = @_; - return $self->{hash}{$n}; -} - -sub put -{ - my ($self, $n, $v) = @_; - $self->{hash}{$n} = $v; -} - -sub deleteSubstore -{ - my ($self, $n) = @_; - foreach my $xkey (keys %{$self->{hash}}) { - if ($xkey =~ /^\Q$n\E/) { - delete $self->{hash}{$xkey}; - } - } -} - -sub commit -{ - my ($self) = @_; - - # write stuff back to the file -# print $self->{filename} . "\n"; - my $hash = $self->{hash}; - my $suffix = time(); - - if (-e $self->{filename}) { - # Create a copy of the original file which - # preserves the original file permissions - system("cp -p \"" . $self->{filename} . "\" \"" . - $self->{filename} . "." . $suffix . "\""); - } - - # Overwrite the contents of the original file - # to preserve the original file permissions - open(F, ">" . $self->{filename}); - foreach my $k (sort keys %{$hash}) { - print F "$k=$self->{hash}{$k}\n"; - } - close(F); - - if (-e $self->{filename} . "." . $suffix) { - system("rm \"" . $self->{filename} . "." . $suffix . "\""); - } -} - -sub commit_with_backup -{ - my ($self) = @_; - - # write stuff back to the file -# print $self->{filename} . "\n"; - my $hash = $self->{hash}; - my $suffix = time(); - # Create a copy of the original file which - # preserves the original file permissions - system("cp -p \"" . $self->{filename} . "\" \"" . - $self->{filename} . "." . $suffix . "\""); - - # Overwrite the contents of the original file - # to preserve the original file permissions - open(F, ">" . $self->{filename}); - foreach my $k (sort keys %{$hash}) { - print F "$k=$self->{hash}{$k}\n"; - } - close(F); -} - -1; - -####################################################### -# Test Program -####################################################### -#my $config = PKI::RA::Config->new(); -#$config->load_file("/tmp/CS.cfg"); -#print $config->get("tokendb.indexAdminTemplate") . "\n"; -#$config->put("tokendb.indexAdminTemplate", "Testing"); -#print $config->get("tokendb.indexAdminTemplate") . "\n"; -#$config->commit(); - -1; - -####################################################### -# Test Program -####################################################### -#my $config = PKI::RA::Config->new(); -#$config->load_file("/tmp/CS.cfg"); -#print $config->get("tokendb.indexAdminTemplate") . "\n"; -#$config->put("tokendb.indexAdminTemplate", "Testing"); -#print $config->get("tokendb.indexAdminTemplate") . "\n"; -#$config->commit(); diff --git a/base/ra/lib/perl/PKI/RA/ConfigHSMLoginPanel.pm b/base/ra/lib/perl/PKI/RA/ConfigHSMLoginPanel.pm deleted file mode 100755 index bf74890cc..000000000 --- a/base/ra/lib/perl/PKI/RA/ConfigHSMLoginPanel.pm +++ /dev/null @@ -1,104 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::ConfigHSMLoginPanel; -$PKI::RA::ConfigHSMLoginPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(9); - $self->{"getName"} = &PKI::RA::Common::r("Security Modules Login"); - $self->{"vmfile"} = "config_hsmloginpanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 1; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("ConfigHSMLoginPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("ConfigHSMLoginPanel: update"); - my $uTokName = $q->param('uTokName'); - my $uPasswd = $q->param('__uPasswd'); - -# &PKI::RA::Wizard::debug_log("ConfigHSMLoginPanel: update tokname= $uTokName pwd =$uPasswd"); - - $::pwdconf->put($uTokName, $uPasswd); - $::pwdconf->commit(); - - return 1; -} - -sub display -{ - my ($q) = @_; - use Data::Dumper; - $Data::Dumper::Indent = 1; -# &PKI::RA::Wizard::debug_log("ConfigHSMLoginPanel -> dump of q= ". Dumper($q)); - $::symbol{SecToken} = $q->param('SecToken'); -# &PKI::RA::Wizard::debug_log("ConfigHSMLoginPanel -> display has ".$q->param('SecToken')); - - &PKI::RA::Wizard::debug_log("ConfigHSMLoginPanel -> display retrieving $q->param('SecToken') "); - my $pwd = $::pwdconf->get( $q->param('SecToken')); - if ($pwd ne "") { - &PKI::RA::Wizard::debug_log("ConfigHSMLoginPanel -> display retrieved pwd from pwdconf"); - } - - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/ConfigHSMPanel.pm b/base/ra/lib/perl/PKI/RA/ConfigHSMPanel.pm deleted file mode 100755 index 095ed5879..000000000 --- a/base/ra/lib/perl/PKI/RA/ConfigHSMPanel.pm +++ /dev/null @@ -1,72 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::ConfigHSMPanel; -$PKI::RA::ConfigHSMPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&PKI::RA::Common::no; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(12); - $self->{"getName"} = &PKI::RA::Common::r("ConfigHSMLogin"); - $self->{"vmfile"} = "config_hsm.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("ConfigHSMPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("ConfigHSMPanel: update"); - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("ConfigHSMPanel: display"); - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm b/base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm deleted file mode 100755 index fadd7727c..000000000 --- a/base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm +++ /dev/null @@ -1,140 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; - -package PKI::RA::DRMInfoPanel; -$PKI::RA::DRMInfoPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(6); - $self->{"getName"} = &PKI::RA::Common::r("DRM Information"); - $self->{"vmfile"} = "drminfopanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DRMInfoPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DRMInfoPanel: update"); - - my $choice = $q->param('choice'); - $::config->put("preop.krainfo.keygen", $choice); - - if ($choice eq "keygen") { - my $count = $q->param('urls'); - my $instanceID = $::config->get("service.instanceID"); - my $host = ""; - my $https_agent_port = ""; - if ($count =~ /http/) { - my $info = new URI::URL($count); - $host = $info->host; - $https_agent_port = $info->port; - } else { - $host = $::config->get("preop.securitydomain.kra$count.host"); - $https_agent_port = $::config->get("preop.securitydomain.kra$count.secureagentport"); - } - if (($host eq "") || ($https_agent_port eq "")) { - $::symbol{errorString} = "no DRM found. CA, TKS and DRM must be installed prior to RA installation"; - return 0; - } - - $::config->put("preop.krainfo.select", "https://$host:$https_agent_port"); - my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname"); - $::config->put("conn.drm1.clientNickname", $subsystemCertNickName); - $::config->put("conn.drm1.hostport", $host . ":" . $https_agent_port); - $::config->put("conn.tks1.serverKeygen", "true"); - $::config->put("op.enroll.userKey.keyGen.encryption.serverKeygen.enable", "true"); - $::config->put("op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable", "true"); - } else { - # no keygen - $::config->put("conn.tks1.serverKeygen", "false"); - $::config->put("op.enroll.userKey.keyGen.encryption.serverKeygen.enable", "false"); - $::config->put("op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable", "false"); - $::config->put("conn.drm1.clientNickname", ""); - $::config->put("conn.drm1.hostport", ""); - } - $::config->commit(); - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DRMInfoPanel: display"); - - $::symbol{urls} = []; - my $count = 0; - while (1) { - my $host = $::config->get("preop.securitydomain.kra$count.host"); - if ($host eq "") { - goto DONE; - } - my $https_agent_port = $::config->get("preop.securitydomain.kra$count.secureagentport"); - my $name = $::config->get("preop.securitydomain.kra$count.subsystemname"); - $::symbol{urls}[$count++] = $name . " - https://" . $host . ":" . $https_agent_port; - } -DONE: - $::symbol{urls_size} = $count; - - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/DatabasePanel.pm b/base/ra/lib/perl/PKI/RA/DatabasePanel.pm deleted file mode 100755 index e469e51f8..000000000 --- a/base/ra/lib/perl/PKI/RA/DatabasePanel.pm +++ /dev/null @@ -1,109 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -use DBI; -package PKI::RA::DatabasePanel; -$PKI::RA::DatabasePanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(8); - $self->{"getName"} = &PKI::RA::Common::r("Internal Database"); - $self->{"vmfile"} = "databasepanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DatabasePanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DatabasePanel: update"); - my $instDir = $::config->get("service.instanceDir"); - - # create local database - my $dbh = DBI->connect( - "dbi:SQLite:dbname=$instDir/conf/dbfile","",""); - - # create database lockfile - system("touch $instDir/conf/dblock"); - - open(F, "/usr/share/pki/ra/scripts/schema.sql"); - while (<F>) { - if (!($_ =~ /^#/)) { - $dbh->do($_); - } - } - close(F); - - $dbh->disconnect(); - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DatabasePanel: display"); - - my $machineName = $::config->get("service.machineName"); - my $instanceId = $::config->get("service.instanceID"); - - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/DisplayCertChain2Panel.pm b/base/ra/lib/perl/PKI/RA/DisplayCertChain2Panel.pm deleted file mode 100755 index 46c8a2902..000000000 --- a/base/ra/lib/perl/PKI/RA/DisplayCertChain2Panel.pm +++ /dev/null @@ -1,179 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use FileHandle; - -package PKI::RA::DisplayCertChain2Panel; -$PKI::RA::DisplayCertChain2Panel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -our $cert_header="-----BEGIN CERTIFICATE-----"; -our $cert_footer="-----END CERTIFICATE-----"; - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(7); - $self->{"getName"} = &PKI::RA::Common::r("Display Certificate Chain"); - $self->{"vmfile"} = "displaycertchain2panel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub readFile -{ - my $fn = $_[0]; - open FILE, "< $fn" or return ""; - my $content = join "",<FILE>; - close FILE; - - return $content; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DisplayCertChain2Panel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DisplayCertChain2Panel: update"); - - my $instanceDir = $::config->get("service.instanceDir"); - -# my $caCert = readFile("$instanceDir/conf/caCertChain2.txt"); - my $caCert = extract_cert_from_file_sans_header_and_footer("$instanceDir/conf/caCertChain2.txt"); - - #store in config - $::config->put("preop.ca.certchain", $caCert); - $::config->commit(); - # import it into the security database - my $tmp = `p7tool -d $instanceDir/alias -p $instanceDir/conf/chain2cert -a -i $instanceDir/conf/caCertChain2.txt -o $instanceDir/conf/CAchain2_pp.txt`; - my $r = $? >> 8; - my $failed = $? & 127; - if (($r > 0) && ($r < 10) && !$failed) { - my $i = 0; - while ($i ne $r) { - $tmp = `certutil -d $instanceDir/alias -D -n "Trusted CA c2cert$i"`; - $tmp = `certutil -d $instanceDir/alias -A -f $instanceDir/conf/.pwfile -n "Trusted CA c2cert$i" -t "CT,C,C" -i $instanceDir/conf/chain2cert$i.der`; - $i++ - } - } - - # clean up -# my $tmp = `rm $instanceDir/conf/caCertChain2.txt`; -# $tmp = `rm $instanceDir/conf/CAchain2_pp.txt`; - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DisplayCertChain2Panel: display"); - my $instanceDir = $::config->get("service.instanceDir"); - - my $found = -e "$instanceDir/conf/caCertChain2.txt"; - my $certpp = ""; - if ($found) { - &PKI::RA::Wizard::debug_log("DisplayCertChain2Panel: display found caCertChain2.txt"); - my $tmp = `p7tool -d $instanceDir/alias -p $instanceDir/conf/chain2cert -a -i $instanceDir/conf/caCertChain2.txt -o $instanceDir/conf/CAchain2_pp.txt`; - - $certpp = readFile("$instanceDir/conf/CAchain2_pp.txt"); - &PKI::RA::Wizard::debug_log("DisplayCertChain2Panel: display read CAchain2_pp.txt"); - $certpp =~ s/"//g; - &PKI::RA::Wizard::debug_log("DisplayCertChain2Panel: certpp2= $certpp"); - } - -# $symbol{certchain} = [ "cert1", "cert2" ]; -# $symbol{certchain_size} = 2; - $::symbol{certchain} = "$certpp"; - $::symbol{certchain_size} = 1; - - &PKI::RA::Wizard::debug_log("DisplayCertChain2Panel: display done"); - return 1; -} - -# return certificate sans header and footer -# -- all in a one-liner -sub extract_cert_from_file_sans_header_and_footer -{ - my $filename = $_[0]; - my $save_line = 0; - - my $fd = new FileHandle; - - my $cert = ""; - - $fd->open( "<$filename" ) or die "Could not open '$filename'!\n"; - - while( <$fd> ) - { - my $line = $_; - chomp( $line ); - $line =~ s/^M//g; - - if( $line eq $cert_header ) { - $save_line = 1; - } elsif( $line eq $cert_footer ) { - $save_line = 0; - last; - } elsif( $save_line == 1 ) { - $cert .= "$line"; - } - } - - $fd->close(); - - return $cert; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm b/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm deleted file mode 100755 index dd991a917..000000000 --- a/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm +++ /dev/null @@ -1,348 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; -use MIME::Base64; - -package PKI::RA::DisplayCertChainPanel; -$PKI::RA::DisplayCertChainPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(2); - $self->{"getName"} = &PKI::RA::Common::r("Display Certificate Chain"); - $self->{"vmfile"} = "displaycertchainpanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 1; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: validate"); - return 1; -} - -sub readFile -{ - my $fn = $_[0]; - open FILE, "< $fn" or return ""; - my $content = join "",<FILE>; - close FILE; - - return $content; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: update"); - - my $instanceDir = $::config->get("service.instanceDir"); - - my $caCert = readFile("$instanceDir/conf/caCert.txt"); - - #store in config - $::config->put("preop.ca.certchain", $caCert); - $::config->commit(); - - # import it into the security database -# my $cmd1 = `/usr/bin/AtoB $instanceDir/conf/caCert.txt $instanceDir/conf/caCert.der`; - my $cmd2 = `/usr/bin/certutil -A -d \"$instanceDir/alias\" -t \"CT,CT,CT\" -n \"caCert\" -i $instanceDir/conf/caCert.der`; - - # clean up - my $tmp = `rm $instanceDir/conf/caCert.txt`; - $tmp = `rm $instanceDir/conf/caCert.der`; - $tmp = `rm $instanceDir/conf/caCert_pp.txt`; - - # complete the SecurityDomain task - my $sdomainAdminURL = $::config->get("config.sdomainAdminURL"); - if ($sdomainAdminURL eq "") { - return 2; - } - - my $machineName = $::config->get("service.machineName"); - my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); - my $unsecurePort = $::config->get("service.unsecurePort"); - - # check if url is accessible - # redirect to the security domain authentication - if ($ENV{'SERVER_PORT'} eq $unsecurePort) { - $::symbol{redirect} = $sdomainAdminURL . "/ca/admin/ca/securityDomainLogin?url=http%3A%2F%2F" . $machineName . "%3A" . $unsecurePort . "%2Fra%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DRA"; - } else { - $::symbol{redirect} = $sdomainAdminURL . "/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2F" . $machineName . "%3A" . $non_clientauth_securePort . "%2Fra%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DRA"; - } - - get_domain_xml($sdomainAdminURL); - - - return 3; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: display"); - - # connect to the CA, and retrieve the CA certificate - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: update connecting to CA and retrieve cert chain"); - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $sdomainAdminURL = $::config->get("config.sdomainAdminURL"); - if ($sdomainAdminURL eq "") { - return 2; - } - - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - - my $url_info = new URI::URL($sdomainAdminURL); - my $sd_host = $url_info->host; - my $sd_admin_port = $url_info->port; - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $cmd = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/ca/admin/ca/getCertChain\" $sd_host:$sd_admin_port`; - - my $caCert = ""; - if ($cmd =~ /\<ChainBase64\>(.*)\<\/ChainBase64\>/) { - $caCert = $1; - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: ca= $caCert"); - } - - my $certpp = ""; - if ($caCert ne "") { - open(F, ">$instanceDir/conf/caCert.txt"); - print F $caCert; - close(F); - - # test to see if tmp directory exists, if not, create - my $found = -e "$instanceDir/conf/tmp"; - if (! $found) { - my $tmp = `mkdir $instanceDir/conf/tmp`; - } - - # import it into a temporary security database -# my $cmd1 = `/usr/bin/AtoB $instanceDir/conf/caCert.txt $instanceDir/conf/caCert.der`; - # my $cmd1 = `/usr/bin/openssl base64 -d -A -in $instanceDir/conf/caCert.txt -out $instanceDir/conf/caCert.der`; - - my $txt = `cat $instanceDir/conf/caCert.txt`; - open(OUT, ">$instanceDir/conf/caCert.der"); - print OUT MIME::Base64::decode($txt); - close(OUT); - - my $cmd2 = `/usr/bin/certutil -A -d \"$instanceDir/conf/tmp\" -t \"CT,CT,CT\" -n \"caCert\" -i $instanceDir/conf/caCert.der`; - - # get pretty print from temp db - my $tmp = `certutil -d $instanceDir/conf/tmp -n "caCert" -L > $instanceDir/conf/caCert_pp.txt`; - $certpp = readFile("$instanceDir/conf/caCert_pp.txt"); - $certpp =~ s/"//g; - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: certpp= $certpp"); - # clean up temp db - $tmp = `certutil -d $instanceDir/alias/tmp -D -n "caCert"`; - } else { - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: update no certchain found"); - } - - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: display certchain=$caCert"); - -# $symbol{certchain} = [ "cert1", "cert2" ]; -# $symbol{certchain_size} = 2; - $::symbol{certchain} = "$certpp"; -# This certchain_size does not matter - $::symbol{certchain_size} = 1; - - return 1; -} - -sub get_domain_xml -{ - my ($sdomainAdminURL) = @_; - - my $sdom_info = new URI::URL($sdomainAdminURL); - # get the domain xml - # e. g. - https://water.sfbay.redhat.com:9445/ca/admin/ca/getDomainXML - - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - - my $sd_host = $sdom_info->host; - my $sd_admin_port = $sdom_info->port; - my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; - - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - - &PKI::RA::Wizard::debug_log("content = " . $content); - - my $parser = XML::Simple->new(); - my $response = $parser->XMLin($content); - my $xml = $parser->XMLin($response->{'DomainInfo'}, - ForceArray => 1); - - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: security domain '" . - $xml->{'Name'}[0] . "'"); - $::config->put("preop.securitydomain.name", $xml->{'Name'}[0]); - $::config->put("securitydomain.name", $xml->{'Name'}[0]); - - # parse xml and store information in CS.cfg - my $count = 0; - $count = 0; - foreach my $c (@{$xml->{'CAList'}[0]->{'CA'}}) { - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: Found CA '" . - $c->{'SubsystemName'}[0] . "'"); - $::config->put("preop.securitydomain.ca" . $count . ".subsystemname", - $c->{'SubsystemName'}[0]); - $::config->put("preop.securitydomain.ca" . $count . ".secureport", - $c->{'SecurePort'}[0]); - $::config->put("preop.securitydomain.ca" . $count . ".secureagentport", - $c->{'SecureAgentPort'}[0]); - $::config->put("preop.securitydomain.ca" . $count . ".secureadminport", - $c->{'SecureAdminPort'}[0]); - $::config->put("preop.securitydomain.ca" . $count . ".unsecureport", - $c->{'UnSecurePort'}[0]); - $::config->put("preop.securitydomain.ca" . $count . ".host", - $c->{'Host'}[0]); - - # The user previously specified the CA Security Domain's - # SSL Admin URL in the "Security Domain Panel"; - # now retrieve this specified CA Security Domain's - # non-SSL EE, SSL Agent, and SSL EE URLs: - if( $sd_admin_port eq $c->{'SecureAdminPort'}[0] ) { - # Build the URLs - my $http_ee_port = "https://" - . $c->{'Host'}[0] - . ":" - . $c->{'UnSecurePort'}[0]; - my $https_agent_port = "https://" - . $c->{'Host'}[0] - . ":" - . $c->{'SecureAgentPort'}[0]; - my $https_ee_port = "https://" - . $c->{'Host'}[0] - . ":" - . $c->{'SecurePort'}[0]; - - # Store the URLs - $::config->put( "config.sdomainHttpURL", $http_ee_port ); - $::config->put( "config.sdomainAgentURL", $https_agent_port ); - $::config->put( "config.sdomainEEURL", $https_ee_port ); - - # Store additional values necessary for 'pkiremove' . . . - $::config->put( "securitydomain.httpport", - $c->{'UnSecurePort'}[0] ); - $::config->put( "securitydomain.httpsagentport", - $c->{'SecureAgentPort'}[0] ); - $::config->put( "securitydomain.httpseeport", - $c->{'SecurePort'}[0] ); - } - - $count++; - } - - $count = 0; - foreach my $c (@{$xml->{'TKSList'}[0]->{'TKS'}}) { - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: Found TKS '" . - $c->{'SubsystemName'}[0] . "'"); - $::config->put("preop.securitydomain.tks" . $count . ".subsystemname", - $c->{'SubsystemName'}[0]); - $::config->put("preop.securitydomain.tks" . $count . ".secureport", - $c->{'SecurePort'}[0]); - $::config->put("preop.securitydomain.tks" . $count . ".secureagentport", - $c->{'SecureAgentPort'}[0]); - $::config->put("preop.securitydomain.tks" . $count . ".secureadminport", - $c->{'SecureAdminPort'}[0]); - $::config->put("preop.securitydomain.tks" . $count . ".unsecureport", - $c->{'UnSecurePort'}[0]); - $::config->put("preop.securitydomain.tks" . $count . ".host", - $c->{'Host'}[0]); - $count++; - } - - $count = 0; - foreach my $c (@{$xml->{'KRAList'}[0]->{'KRA'}}) { - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: Found KRA '" . - $c->{'SubsystemName'}[0] . "'"); - $::config->put("preop.securitydomain.kra" . $count . ".subsystemname", - $c->{'SubsystemName'}[0]); - $::config->put("preop.securitydomain.kra" . $count . ".secureport", - $c->{'SecurePort'}[0]); - $::config->put("preop.securitydomain.kra" . $count . ".secureagentport", - $c->{'SecureAgentPort'}[0]); - $::config->put("preop.securitydomain.kra" . $count . ".secureadminport", - $c->{'SecureAdminPort'}[0]); - $::config->put("preop.securitydomain.kra" . $count . ".unsecureport", - $c->{'UnSecurePort'}[0]); - $::config->put("preop.securitydomain.kra" . $count . ".host", - $c->{'Host'}[0]); - $count++; - } - - $count = 0; - foreach my $c (@{$xml->{'RAList'}[0]->{'RA'}}) { - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: Found RA '" . - $c->{'SubsystemName'}[0] . "'"); - $::config->put("preop.securitydomain.ra" . $count . ".subsystemname", - $c->{'SubsystemName'}[0]); - $::config->put("preop.securitydomain.ra" . $count . ".secureport", - $c->{'SecureAgentPort'}[0]); - $::config->put("preop.securitydomain.ra" . $count . ".non_clientauth_secure_port", - $c->{'SecurePort'}[0]); - $::config->put("preop.securitydomain.ra" . $count . ".unsecureport", - $c->{'UnSecurePort'}[0]); - $::config->put("preop.securitydomain.ra" . $count . ".host", - $c->{'Host'}[0]); - $count++; - } - $::config->commit(); -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/DonePanel.pm b/base/ra/lib/perl/PKI/RA/DonePanel.pm deleted file mode 100755 index cf5f75df0..000000000 --- a/base/ra/lib/perl/PKI/RA/DonePanel.pm +++ /dev/null @@ -1,399 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; -use XML::Simple; - -package PKI::RA::DonePanel; -$PKI::RA::DonePanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(16); - $self->{"getName"} = &PKI::RA::Common::r("Done"); - $self->{"vmfile"} = "donepanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DonePanel: validate"); - return 1; -} -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DonePanel: update"); - return 1; -} - -sub register_ra -{ - my ($sdom, $url, $uri, $xname) = @_; - - &PKI::RA::Wizard::debug_log("DonePanel: register_ra at $url"); - &PKI::RA::Wizard::debug_log("DonePanel: subsystem $xname uri=$uri"); - - my $url_info = new URI::URL($url); - my $sdom_info = new URI::URL($sdom); - - # register RA to Security Domain - # submit request to CA - &PKI::RA::Wizard::debug_log("DonePanel: Connecting to Security Domain"); - - my $machineName = $::config->get("service.machineName"); - my $unsecurePort = $::config->get("service.unsecurePort"); - my $securePort = $::config->get("service.securePort"); - my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); - my $session_id = $::config->get("preop.sessionID"); - - &PKI::RA::Wizard::debug_log("DonePanel: Security Domain Info " . $url); - - # add service.securityDomainPort to the config file in case pkiremove - # needs to remove system reference from the security domain - $::config->put("service.securityDomainPort", $securePort); - $::config->commit(); - - my $uid = "RA-" . $machineName . "-" . $securePort; - my $name = "Registration Authority Subsystem"; - - my $instDir = $::config->get("service.instanceDir"); - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - - my $hw; - my $tk; - my $tokenname = $::config->get("preop.module.token"); - &PKI::RA::Wizard::debug_log("ReqCertInfo: update got token name = $tokenname"); - - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - $hw = ""; - $tk = ""; - } else { - $hw = "-h $tokenname"; - $tk = $tokenname.":"; - } - - my $token_pwd = $::pwdconf->get($tokenname); - open FILE, ">$instDir/conf/.pwfile"; - system( "chmod 00660 $instDir/conf/.pwfile" ); - $token_pwd =~ s/\n//g; - print FILE $token_pwd; - close FILE; - - my $subsystemNickname = $::config->get("preop.cert.subsystem.nickname"); - my $certificate = `/usr/bin/certutil -d "$instDir/alias" -L $hw -f "$instDir/conf/.pwfile" -n "$subsystemNickname" -a`; - $certificate =~ s/-----BEGIN CERTIFICATE-----//g; - $certificate =~ s/-----END CERTIFICATE-----//g; - $certificate =~ s/\n$//g; - - - &PKI::RA::Wizard::debug_log("DonePanel: Connecting"); - - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - - my $params = "uid=" . $uid . "&" . - "name=" . $name . "&" . - "certificate=" . - URI::Escape::uri_escape("$certificate") . "&" . - "xmlOutput=true" . "&" . - "sessionID=" . $session_id . "&" . - "auth_hostname=" . $sdom_info->host . "&" . - "auth_port=" . $sdom_info->port; - - my $host = $url_info->host; - my $port = $url_info->port; - my $tmpfile = "/tmp/donepanel-$$"; - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"$uri\" $host:$port > $tmpfile"); - } else { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"$uri\" $host:$port > $tmpfile"); - } - my $content = `cat $tmpfile`; - system("rm $tmpfile"); - - &PKI::RA::Wizard::debug_log("req = " . $content); - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - - &PKI::RA::Wizard::debug_log("DonePanel: result " . $content); - my $tmp = `rm $instDir/conf/.pwfile`; -} - -sub get_kra_transport_cert -{ - my ($sdom) = @_; - - my $sdom_info = new URI::URL($sdom); - - # register RA to Security Domain - # submit request to CA - &PKI::RA::Wizard::debug_log("DonePanel: Connecting to KRA"); - - my $krainfo = $::config->get("preop.krainfo.select"); - my $krainfo_url = new URI::URL($krainfo); - - my $machineName = $::config->get("service.machineName"); - my $unsecurePort = $::config->get("service.unsecurePort"); - my $securePort = $::config->get("service.securePort"); - my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); - my $session_id = $::config->get("preop.sessionID"); - - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $tokenname = $::config->get("preop.module.token"); - my $token_pwd = $::pwdconf->get($tokenname); - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - - my $params = "sessionID=" . $session_id . "&" . - "auth_hostname=" . $sdom_info->host . "&" . - "auth_port=" . $sdom_info->port; - - my $host = $krainfo_url->host; - my $port = $krainfo_url->port; - my $tmpfile = "/tmp/donepanel-$$"; - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/kra/admin/kra/getTransportCert\" $host:$port > $tmpfile"); - } else { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -r \"/kra/admin/kra/getTransportCert\" $host:$port > $tmpfile"); - } - my $content = `cat $tmpfile`; - system("rm $tmpfile"); - - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - - my $parser = XML::Simple->new(); - my $response = $parser->XMLin($content); - my $transportCert = $response->{TransportCert}; - - &PKI::RA::Wizard::debug_log("DonePanel: TransportCert " . $transportCert); - - return $transportCert; -} - -sub send_kra_transport_cert -{ - my ($sdom, $certificate) = @_; - - my $sdom_info = new URI::URL($sdom); - - # register RA to Security Domain - # submit request to CA - &PKI::RA::Wizard::debug_log("DonePanel: Connecting to TKS"); - my $tksinfo = $::config->get("preop.tksinfo.select"); - my $tksinfo_url = new URI::URL($tksinfo); - - my $machineName = $::config->get("service.machineName"); - my $unsecurePort = $::config->get("service.unsecurePort"); - my $securePort = $::config->get("service.securePort"); - my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); - my $session_id = $::config->get("preop.sessionID"); - - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $tokenname = $::config->get("preop.module.token"); - my $token_pwd = $::pwdconf->get($tokenname); - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - - my $name = "transportCert-" . $machineName . "-" . $securePort; - my $params = "name=" . $name . "&" . - "certificate=" . - URI::Escape::uri_escape("$certificate") . "&" . - "xmlOutput=true" . "&" . - "sessionID=" . $session_id . "&" . - "auth_hostname=" . $sdom_info->host . "&" . - "auth_port=" . $sdom_info->port; - - my $host = $tksinfo_url->host; - my $port = $tksinfo_url->port; - my $tmpfile = "/tmp/donepanel-$$"; - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/tks/admin/tks/importTransportCert\" $host:$port > $tmpfile"); - } else { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -r \"/tks/admin/tks/importTransportCert\" $host:$port > $tmpfile"); - } - - my $content = `cat $tmpfile`; - system("rm $tmpfile"); - - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - - &PKI::RA::Wizard::debug_log("DonePanel: Response from TKS " . $content); -} - -sub display -{ - my ($q) = @_; - # $symbol{systemType} = "ra"; - # $symbol{host} = "chico"; - # $symbol{port} = "443"; - &PKI::RA::Wizard::debug_log("DonePanel: display"); - - my $status = $::config->get("preop.done.status"); - if ($status eq "done") { - return 1; - } - - my $instDir = $::config->get("service.instanceDir"); - my $tokenname = $::config->get("preop.module.token"); - my $token_pwd = $::pwdconf->get($tokenname); - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - if (($tokenname ne "") && ($tokenname ne "NSS Certificate DB")) { - open(PWD_CONF, ">>$instDir/conf/password.conf"); - print PWD_CONF "$tokenname:$token_pwd\n"; - close (PWD_CONF); - } - - # Add this RA's server certificate to the subsystems - my $sdom = $::config->get("config.sdomainEEURL"); - my $cainfo = $::config->get("preop.cainfo.select"); - $cainfo =~ s/.* - //g; - ®ister_ra($sdom, $cainfo, $::config->get("conn.ca1.servlet.addagent"), "CA"); - - $::config->put("preop.done.status", "done"); - $::config->commit(); - - # update httpd.conf - open(TMP_HTTPD_CONF, ">$instDir/conf/httpd.conf.tmp"); - system( "chmod 00660 $instDir/conf/httpd.conf.tmp" ); - open(HTTPD_CONF, "<$instDir/conf/httpd.conf"); - while (<HTTPD_CONF>) { - if (/^#\[ErrorDocument_404\]/) { - print TMP_HTTPD_CONF "ErrorDocument 404 /404.html\n"; - } elsif (/^#\[ErrorDocument_500\]/) { - print TMP_HTTPD_CONF "ErrorDocument 500 /500.html\n"; - } else { - print TMP_HTTPD_CONF $_; - } - } - close(HTTPD_CONF); - close(TMP_HTTPD_CONF); - - # Create a copy of the original file which - # preserves the original file permissions - system( "cp -p $instDir/conf/httpd.conf.tmp $instDir/conf/httpd.conf" ); - - # Remove the original file only if the backup copy was successful - if( -e "$instDir/conf/httpd.conf" ) { - system( "rm $instDir/conf/httpd.conf.tmp" ); - } - - # update nss.conf - open(TMP_NSS_CONF, ">$instDir/conf/nss.conf.tmp"); - system( "chmod 00660 $instDir/conf/nss.conf.tmp" ); - open(NSS_CONF, "<$instDir/conf/nss.conf"); - while (<NSS_CONF>) { - if (/^NSSNickname/) { - print TMP_NSS_CONF "NSSNickname \"$nickname\"\n"; - } else { - print TMP_NSS_CONF $_; - } - } - close(NSS_CONF); - close(TMP_NSS_CONF); - - # Create a copy of the original file which - # preserves the original file permissions - system( "cp -p $instDir/conf/nss.conf.tmp $instDir/conf/nss.conf" ); - - # Remove the original file only if the backup copy was successful - if( -e "$instDir/conf/nss.conf" ) { - system( "rm $instDir/conf/nss.conf.tmp" ); - } - - &PKI::RA::Wizard::debug_log("DonePanel: Connecting to Security Domain"); - - my $machineName = $::config->get("service.machineName"); - my $unsecurePort = $::config->get("service.unsecurePort"); - my $securePort = $::config->get("service.securePort"); - my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); - my $instanceID = $::config->get("service.instanceID"); - - my $initDaemon = "pki-rad"; - my $restartCommand = ""; - if( $^O eq "linux" ) { - $restartCommand = "systemctl restart $initDaemon\@$instanceID.service"; - } else { - ## default case: e. g. - ( $^O eq "solaris" ) - $restartCommand = "/etc/init.d/$initDaemon restart $instanceID"; - } - - $::symbol{host} = $machineName; - $::symbol{unsecurePort} = $unsecurePort; - $::symbol{port} = $securePort; - $::symbol{non_clientauth_port} = $non_clientauth_securePort; - $::symbol{restartCommand} = $restartCommand; - $::symbol{instanceID} = $instanceID; - - $::config->deleteSubstore("preop."); - $::config->commit(); - - ## Create an empty file that designates the fact that although - ## this server instance has been configured, it has NOT yet - ## been restarted! - my $restart_server = "$instDir/conf/restart_server_after_configuration"; - system( "touch $restart_server" ); - system( "chmod 00660 $restart_server" ); - - system("rm $instDir/conf/*.txt $instDir/conf/*.der"); - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/GlobalVar.pm b/base/ra/lib/perl/PKI/RA/GlobalVar.pm deleted file mode 100755 index 388a41349..000000000 --- a/base/ra/lib/perl/PKI/RA/GlobalVar.pm +++ /dev/null @@ -1,42 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; - -package PKI::RA::GlobalVar; -$PKI::RA::GlobalVar::VERSION = '1.00'; - -sub new { - my $class = shift; - my $self = {}; - my %args = (@_); - foreach my $q (keys %args) { - $self->{$q} = $args{$q}; - } - bless $self,$class; - return $self; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm b/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm deleted file mode 100755 index 9f9bef94a..000000000 --- a/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm +++ /dev/null @@ -1,142 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; - -package PKI::RA::ImportAdminCertPanel; -$PKI::RA::ImportAdminCertPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(15); - $self->{"getName"} = &PKI::RA::Common::r("Import Administrator Certificate"); - $self->{"vmfile"} = "importadmincertpanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("ImportAdminCertPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("ImportAdminCertPanel: update"); - - # register to Security Domain - my $sdom = $::config->get("config.sdomainAgentURL"); - my $sdom_url = new URI::URL($sdom); - - # - # we need to authenticate to the security domain with the subsystem - # certificate - # - my $machineName = $::config->get("service.machineName"); - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $securePort = $::config->get("service.securePort"); - my $subsystemName = $::config->get("preop.subsystem.name"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - my $name = $subsystemName; - my $subCertNickName = $::config->get("preop.cert.subsystem.nickname"); - - $db_password =~ s/\n$//g; - - my $params = "list=" . "RAList" . "&" . - "type=" . "RA" . "&" . - "host=" . $machineName . "&" . - "name=" . $name . "&" . - "sport=" . $securePort . "&" . - "dm=false"; # domain manager or not - - my $cmd = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$subCertNickName\" -r \"/ca/agent/ca/updateDomainXML?$params\" $sdom_url->host:$sdom_url->port`; - - # Fetch the "updated" security domain and display it - &PKI::RA::Wizard::debug_log("ImportAdminCertPanel: Dump contents of updated Security Domain . . ."); - my $sdomainAdminURL = $::config->get("config.sdomainAdminURL"); - my $sdom_info = new URI::URL($sdomainAdminURL); - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $sd_host = $sdom_info->host; - my $sd_admin_port = $sdom_info->port; - my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - &PKI::RA::Wizard::debug_log($content); - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("ImportAdminCertPanel: display"); - - my $cainfo = $::config->get("preop.cainfo.select"); - - my $cainfo_url = new URI::URL($cainfo); - my $serialNumber = $::config->get("preop.admincert.serialno.0"); - - $::symbol{info} = ""; - $::symbol{errorString} = ""; - $::symbol{import} = "true"; - $::symbol{ca} = "false"; - $::symbol{caType} = "ca"; - $::symbol{caHost} = $cainfo_url->host; - $::symbol{caPort} = $cainfo_url->port; - $::symbol{serialNumber} = $serialNumber; - - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/Login.pm b/base/ra/lib/perl/PKI/RA/Login.pm deleted file mode 100755 index d248e5481..000000000 --- a/base/ra/lib/perl/PKI/RA/Login.pm +++ /dev/null @@ -1,466 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -# wizard - -# Fedora Certificate System - Registration Authority System configuration wizard - - -# This script is run as a 'mod_perl' CGI. Configure mod_perl by adding -# the following to /etc/httpd/conf.d/perl.conf -# -# PerlModule ModPerl::Registry -# PerlModule Apache::compat -# PerlModule PKI::RA::Wizard -# PerlSetEnv PKI_DOCROOT /u/sparkins/t/cs_tip/certsystem/prj/common/ui -# <Location /wizard> -# SetHandler perl-script -# PerlHandler PKI::RA::Wizard -# Order deny,allow -# Allow from all -# </Location> - - -# Note: The Velocity parser is not very helpful when it comes to -# errors right now. Here are some common errors, and what they mean: -# -# ERROR: -# [Mon Apr 03 13:57:33 2006] [error] [client 172.16.24.26] -# Can't use string ("0") as an ARRAY ref while "strict refs" -# in use at /usr/lib/perl5/site_perl/5.8.5/Template/Velocity.pm -# line 423.\n, referer: http://chico/wizard?p=2 -# MEANING -# This probably means that your *.vm file refers to an array -# variable in a foreach statement that is not defined -# Check your foreach array variables. - -use warnings; -use ModPerl::Registry; -use Template::Velocity; -use Getopt::Std; -use Data::Dumper; -use CGI::Carp qw(fatalsToBrowser); -use CGI; -use APR::Const -compile => qw(:error SUCCESS); -use PKI::RA::GlobalVar; -use PKI::RA::WelcomePanel; -use PKI::RA::SecurityDomainPanel; -use PKI::RA::DisplayCertChainPanel; -use PKI::RA::SubsystemTypePanel; -use PKI::RA::CAInfoPanel; -use PKI::RA::TKSInfoPanel; -use PKI::RA::DRMInfoPanel; -use PKI::RA::DisplayCertChain2Panel; -use PKI::RA::AdminAuthPanel; -use PKI::RA::AgentAuthPanel; -use PKI::RA::DatabasePanel; -use PKI::RA::ModulePanel; -use PKI::RA::SizePanel; -use PKI::RA::NamePanel; -use PKI::RA::ConfigHSMLoginPanel; -use PKI::RA::CertRequestPanel; -use PKI::RA::AdminPanel; -use PKI::RA::ImportAdminCertPanel; -use PKI::RA::LoginPanel; -use PKI::RA::DonePanel; -use PKI::RA::Config; - -use PKI::RA::Common qw(yes no r); - -package PKI::RA::Login; -$PKI::RA::Login::VERSION = '1.00'; - -# read configuration file -my $flavor = "pki"; -$flavor =~ s/\n//g; - -my $pkiroot = $ENV{PKI_ROOT}; - -my $config = PKI::RA::Config->new(); -$config->load_file("$pkiroot/conf/CS.cfg"); -# read password cache file -my $pwdconf = PKI::RA::Config->new(); -$pwdconf->load_file("$pkiroot/conf/pwcache.conf"); -# SELinux disallows performing a "chmod" on this file -if( $^O ne "linux" ) { - system( "chmod 00660 $pkiroot/conf/pwcache.conf" ); -} - -# create cfg debug log -my $logfile = $config->get("service.instanceDir") . "/logs/debug"; -open( DEBUG, ">>" . $logfile ) || -warn( "Could not open '" . $logfile . "': $!" ); - -# apache server - -our $debug; - -my $STATUS_OK = 1; -my $STATUS_ERROR = 2; -my $STATUS_REDIRECT = 3; - -&debug_log("RA wizard: starting up"); - -my $docroot = $ENV{PKI_DOCROOT}; - -if (! $docroot) { - &debug_log("RA wizard: ERROR: PKI_DOCROOT is null"); - return 0; -} - -our $parser = new Template::Velocity($docroot); -our $symbol; -our @certtags; - -makepanels(); - -&debug_log("RA wizard: start up complete"); - -1; - -sub debug_log -{ - my ($msg) = @_; - my $date = `date`; - chomp($date); - if( -w $logfile ) { - print DEBUG "$date - $msg\n"; - } -} - - # initializes entries in parser's global symbol table for panels -sub makepanels -{ - #REAL PANELS BELOW - my $login = new PKI::RA::LoginPanel(); - - $symbol{panels} = [ - $login, # com.netscape.cms.servlet.csadmin.WelcomePanel - ]; -}; - -sub render_panel -{ - my ($panelnum, $q) = @_; - - $symbol{errorString} = ""; - - my $currentpanel; - - if ($q->param('op') && $q->param('op') eq "next") { - $currentpanel = $symbol{panels}[$panelnum]; - # validate variables for panel - if ($currentpanel->{validate}) { - $currentpanel->{validate}($q); - } - # execute current panel - my $status = "0"; - - if ($currentpanel->{update}) { - $status = $currentpanel->{update}($q); - &debug_log("RA wizard: update returns status '" . - $status . "'"); - if ($status == $STATUS_REDIRECT) { - return $STATUS_REDIRECT; - } - - } - - &debug_log("RA wizard: about to find out about sub panel"); - if ($status eq "1") { - if ($currentpanel->{hasSubPanel} && &{$currentpanel->{hasSubPanel}}($q)) { - &debug_log("RA wizard: has sub panel"); - $panelnum = $panelnum + 2; - } elsif ($currentpanel->{isSubPanel} && &{$currentpanel->{isSubPanel}}($q)) { - &debug_log("RA wizard: is sub panel"); - $panelnum = $panelnum - 1; - } else { - &debug_log("RA wizard: no sub panel and is not subpanel"); - $panelnum = $panelnum + 1; - } - } - } elsif ($q->param('op') && $q->param('op') eq "back") { - $panelnum = $panelnum - 1; - #check if this a subpanel, if so, go back to it's parent. - #only handles one-deep at this point - my $panel = $symbol{panels}[$panelnum]; - if (&{$panel->{isSubPanel}}($q)) { - $panelnum = $panelnum - 1; - } - } elsif ($q->param('op') && $q->param('op') eq "apply") { - &debug_log("RA wizard: update : apply button pressed"); - $currentpanel = $symbol{panels}[$panelnum]; - # validate variables for panel - if ($currentpanel->{validate}) { - $currentpanel->{validate}($q); - } - # execute current panel - if ($currentpanel->{update}) { - my $status = $currentpanel->{update}($q); - &debug_log("RA wizard: update returns status '" . - $status . "'"); - if ($status == $STATUS_REDIRECT) { - return $STATUS_REDIRECT; - } - - } - } - - &debug_log("RA wizard: after looking into about sub panel"); - - # advance to next panel - $currentpanel = $symbol{panels}[$panelnum]; - - # initialize symbol table values - $symbol{showApplyButton} = "false"; - - # fill in variables for new panel - if ($currentpanel->{panelvars}) { - $Data::Dumper::Indent = 1; - # The '&debug_log("q=".Dumper($q));' call must be commented out to fix - # Bugzilla Bug #249923: Incorrect file permissions on - # various files and/or directories - # &debug_log("q=".Dumper($q)); - $currentpanel->{panelvars}($q); - } - - $symbol{panel} = "ra/admin/console/config/".$currentpanel->{vmfile}; - - #wizard.vm: - $symbol{name} = "Registration Authority System"; - $symbol{title} = $currentpanel->{getName}(); - if ($panelnum == 0) { - $symbol{firstpanel} = "1"; - } else { - $symbol{firstpanel} = "0"; - } - if ($panelnum == 17) { - $symbol{lastpanel} = "1"; - } else { - $symbol{lastpanel} = "0"; - } - $symbol{p} = $panelnum; - $symbol{subpanelno} = $panelnum+1; - $symbol{csstate} = "1"; - -# $symbol{urls} = [ "cert1", "cert2" ]; #createsubsystem -# $symbol{urls_size} = 2; -# $symbol{instanceId} = "ra"; -# $symbol{errorString} = ""; - - #modulepanel -# $symbol{certs} = [ ]; -# $symbol{reqscerts} = [ ]; - $symbol{ppcerts} = [ ]; - - return $STATUS_OK; -} - - - -sub dbg { - my $msg = shift; - $::symbol{dbg} .= "$msg\n"; -} - -sub handler { - my $r = shift; - - *::symbol = \%symbol; - *::s = \$s; - *::config = \$config; - *::pwdconf = \$pwdconf; - - &debug_log("RA wizard: in handler"); - if ($#ARGV == -1) { - $r->send_http_header('text/html'); - } - - my $q = new CGI; - - # check cookie - my $pin = $q->param('pin'); - if (defined($pin)) { - my $cookie = $q->cookie( - -name=>'pin', - -value=> $pin, - -expires=>'+1y', - -path=>'/'); - print $q->redirect(-location => "wizard", -cookie => $cookie); - return; - } - - # output http parameters - &debug_log("RA wizard: uri='" . $ENV{REQUEST_URI} . "'"); - my @pnames = $q->param(); - foreach $pn (@pnames) { - # added this facility so that password can be hidden, - # all sensitive parameters should be prefixed with - # __ (double underscores); however, in the event that - # a security parameter slips through, we perform multiple - # additional checks to insure that it is NOT displayed - if( $pn =~ /^__/ || - $pn =~ /password$/ || - $pn =~ /passwd$/ || - $pn =~ /pwd$/ || - $pn =~ /admin_password_again/i || - $pn =~ /directoryManagerPwd/i || - $pn =~ /bindpassword/i || - $pn =~ /bindpwd/i || - $pn =~ /passwd/i || - $pn =~ /password/i || - $pn =~ /pin/i || - $pn =~ /pwd/i || - $pn =~ /pwdagain/i || - $pn =~ /uPasswd/i ) { - &debug_log("RA wizard: http parameter name='" . $pn . "' value='(sensitive)'"); - } else { - &debug_log("RA wizard: http parameter name='" . $pn . "' value='" . $q->param($pn) . "'"); - } - } - - my $panelnum = $q->param('p'); - if (!defined($panelnum) || $panelnum eq "") { - # Apache fails to pick up the p parameter after - # redirecting from the security domain. This is - # a quick hack to solve the issue. - if ($ENV{'QUERY_STRING'} ne "") { - $ENV{'QUERY_STRING'} =~ /p=([0-9]+)&/; - $panelnum = $1; - } - } - - use subs qw(debug); - *debug = \&Template::Velocity::Executor::debug; - - $::symbol{dbg} = ""; - - &debug_log("RA wizard: before argparsing"); - if ($#ARGV == -1) { - $Data::Dumper::Maxdepth = 7; - $startfile = "ra/admin/console/config/login.vm"; - } - - &debug_log("RA wizard: setting up test objects"); - - #initialize from config file - my $certlist = $::config->get("preop.cert.list"); - if ($certlist eq "") { - $certlist = "sslserver,subsystem"; - } - @certtags = split(/,/, $certlist); - $numtags = @certtags; - if ($numtags eq 0) { - @certtags = ("sslserver", "subsystem"); - } - &debug_log("RA wizard: found $numtags certtags"); - - if (! $panelnum) { - $panelnum = 0; - } - - my $status = render_panel($panelnum, $q); - if ($status == 3) { - $r->header_out(Location => $symbol{redirect}); - $r->status(301); - $r->send_http_header(); - return; - } - - use Data::Dumper; - &debug_log("RA wizard: executing file $startfile"); - foreach $q (sort keys %symbol) { - &debug_log("RA wizard:/config/wizard?p=9&SecToken=NSS%20Generic%20Crypto%20Services sym{$q}=".$symbol{$q}); - } - - my $result; - if ($q->param("xml") eq "true") { - $r->send_http_header('text/xml'); - $result = "<xml>"; - foreach $s (sort keys %symbol) { - if ($s =~ /^__/) { - next; - } - $result .= "<" . $s . ">"; - my $v = $symbol{$s}; - $result .= &get_xml($s, $v); - $result .= "</" . $s . ">"; - } - $result .= "</xml>"; - } else { - $result = $parser->execute_file($startfile); - if (!defined $result) { - die("Couldn't execute template file: $docroot/$startfile"); - } - } - - print "$result\n"; - return $STATUS_OK; -} - -sub get_xml -{ - my ($s, $v) = @_; - - my $result; - if (ref($v) eq "HASH") { - foreach my $xkey (keys %$v) { - $result .= "<" . $xkey . ">"; - $result .= &get_xml($xkey, $v{$xkey}); - # $result .= "-" . ref($xkey); - $result .= "</" . $xkey . ">"; - } - } elsif (ref($v) eq "PKI::RA::CertInfo") { - my $certinfo = $v; - $result .= "<certinfo>"; - $result .= "<dn>" . $certinfo->get_dn() ."</dn>"; - $result .= "<tag>" . $certinfo->get_cert_tag() . "</tag>"; - $result .= "<friendly>" . $certinfo->get_user_friendly_name() . - "</friendly>"; - $result .= "</certinfo>"; - } elsif (ref($v) eq "PKI::RA::ReqCertInfo") { - my $reqcertinfo = $v; - $result .= "<reqcertinfo>"; - $result .= "<name>" . $reqcertinfo->get_user_friendly_name() ."</name>"; - $result .= "<req>" . $reqcertinfo->get_request() ."</req>"; - $result .= "<cert>" . $reqcertinfo->get_cert() ."</cert>"; - $result .= "<certpp>" . $reqcertinfo->get_cert_pp() ."</certpp>"; - $result .= "<tag>" . $reqcertinfo->get_cert_tag() ."</tag>"; - $result .= "<dn>" . $reqcertinfo->get_cert_tag() ."</dn>"; - $result .= "</reqcertinfo>"; - } elsif (ref($v) eq "ARRAY") { - my $pos = 0; - foreach my $item (@$v) { - $result .= "<element>"; - $result .= &get_xml("p" . $pos, $item); - # $result .= "-" . ref($item); - $result .= "</element>"; - $pos++; - } - } else { - $result .= $v; - } - return $result; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/LoginPanel.pm b/base/ra/lib/perl/PKI/RA/LoginPanel.pm deleted file mode 100755 index 66f40acfe..000000000 --- a/base/ra/lib/perl/PKI/RA/LoginPanel.pm +++ /dev/null @@ -1,91 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::LoginPanel; -$PKI::RA::LoginPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(0); - $self->{"getName"} = &PKI::RA::Common::r("Welcome"); - $self->{"vmfile"} = "login.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("WelcomePanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("WelcomePanel: update"); - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log($ENV{'SERVER_PORT'}); - &PKI::RA::Wizard::debug_log("Debug=" . $::config->get("logging.debug.enable")); - &PKI::RA::Wizard::debug_log("WelcomePanel: display"); - $::symbol{wizardname} = "RA Configuration Wizard"; - $::symbol{systemname} = "RA"; - $::symbol{fullsystemname} = "Registration Authority"; - - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/ModulePanel.pm b/base/ra/lib/perl/PKI/RA/ModulePanel.pm deleted file mode 100755 index 87ce056bc..000000000 --- a/base/ra/lib/perl/PKI/RA/ModulePanel.pm +++ /dev/null @@ -1,273 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use PKI::RA::Modutil; - -package PKI::RA::ModulePanel; -$PKI::RA::ModulePanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -our $modutil; - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(9); - $self->{"getName"} = &PKI::RA::Common::r("Security Modules"); - $self->{"vmfile"} = "modulepanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - - my $flavor = "pki"; - $flavor =~ s/\n//g; - - my $pkiroot = $ENV{PKI_ROOT}; - $modutil = new PKI::RA::Modutil("$pkiroot/alias"); - - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 1; -} - -sub validate -{ - my ($q) = @_; - return 1; -} - -sub update -{ - my ($q) = @_; - my $defTok = $::config->get("preop.module.token"); - my $select = $q->param('choice'); - if ($select eq "") { - &PKI::RA::Wizard::debug_log("ModulePanel -> update no selection found"); - $::symbol{errorString} = "No selection found"; - return 0; - } elsif ($defTok ne $select) { - &PKI::RA::Wizard::debug_log("ModulePanel -> update changing defTok to $select"); - $::config->put("preop.module.token", $select); - $::config->put("preop.ModulePanel.done", "true"); - } else { - # this is not an error...just information - &PKI::RA::Wizard::debug_log("ModulePanel -> update defTok not changed"); - } - - $::config->commit(); - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("ModulePanel -> display"); - getModules(); - my $defTok = $::config->get("preop.module.token"); - - $::symbol{defTok} = $defTok; - - return 1; -} - -use Data::Dumper; -sub getTokens { - my $modulename = shift; - - &PKI::RA::Wizard::debug_log("ModulePanel -> getTokens"); - -#$Data::Dumper::Indent = 0; -#PKI::RA::Wizard::dbg("in gettokens. modutil = ".Dumper($modutil)); - my @tokens; - my $mod = $modutil->getmodule($modulename); - foreach my $tokenname (keys %{$mod->{tokens}}) { - #PKI::RA::Wizard::dbg("found token $tokenname"); - if ($tokenname ne "NSS Generic Crypto Services") { - my $token = $modutil->gettoken($tokenname); - my $t = new PKI::RA::GlobalVar( - getNickName => sub { return $tokenname; }, - isLoggedIn => sub { return isLoggedIn($tokenname); }, - isPresent => sub { return 1; }, - ); - push @tokens, $t; - } else { - &PKI::RA::Wizard::debug_log("ModulePanel -> getTokens token NSS Generic Crypto Services not available for key generation"); - - } - } - - return \@tokens; -} - -# if password is found, then it's considered "logged in" -# otherwise it is "not logged in" -sub Login { - my $tokenname = $_[0]; - my $pwd = $::pwdconf->get($tokenname); - if ($pwd ne "") { - &PKI::RA::Wizard::debug_log("ModulePanel -> isLoggedIn retrieved pwd from pwdconf"); - return 1; - } - &PKI::RA::Wizard::debug_log("ModulePanel -> isLoggedIn pwd not found from pwdconf for token: $tokenname"); - - if ($tokenname eq "NSS Certificate DB") { - my $instanceDir = $::config->get("service.instanceDir"); - &PKI::RA::Wizard::debug_log("ModulePanel -> isLoggedIn get internal password for $tokenname"); - # these are referred as "internal" in password.conf - $pwd = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $pwd =~ s/\n//g; - $::pwdconf->put($tokenname, $pwd); - $::pwdconf->commit(); - - return 1; - } - return 0; -} - -sub isLoggedIn { - my $tokenname = $_[0]; - return &Login($tokenname); -} - -sub getModules { - my $count; - my $i; - my @supportedModules; - - &PKI::RA::Wizard::debug_log("ModulePanel -> getModules"); - $count = $::config->get("preop.configModules.count"); - &PKI::RA::Wizard::debug_log("ModulePanel -> getModules count =$count"); - - my @modules = $modutil->getmodules(); - # $::symbol{steve} = join ",Module:", @modules; - # $::symbol{steve}.= "\n"; - - my $x = " - preop.configModules.count=3 - preop.configModules.module0.commonName=NSS Internal PKCS #11 Module - preop.configModules.module0.imagePath=../img/mozilla.png - preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module - preop.configModules.module1.commonName=nfast - preop.configModules.module1.imagePath=../img/ncipher.png - preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module - preop.configModules.module2.commonName=lunasa - preop.configModules.module2.imagePath=../img/safenet.png - preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module - "; - - my %supmodules; - for ($i=0; $i <$count; $i++) { - my $cn; - my $pn; - my $img; -# &PKI::RA::Wizard::debug_log("ModulePanel -> getModules look for cn=","preop.configModules.module" , $i , ".commonName"); - $cn = $::config->get("preop.configModules.module$i.commonName"); - $supmodules{$cn} = 1; - - $pn = $::config->get("preop.configModules.module$i.userFriendlyName"); - $img = $::config->get("preop.configModules.module$i.imagePath"); - &PKI::RA::Wizard::debug_log("ModulePanel -> getModules: got module $cn from config"); - - my $module = $modutil->getmodule($cn); - my $file = $module->{detail}->{"Library file"}; - &PKI::RA::Wizard::debug_log("ModulePanel -> getModules Library file = $file"); - my $found = 0; - if ($file) { - $found = ($file =~ /Internal ONLY module/) || -e $file; - } - - my $name = $module->{detail}->{Name}; -# PKI::RA::Wizard::dbg("name: $name"); - - $supportedModules[$i] = new PKI::RA::GlobalVar( - getImagePath => sub { return $img; }, - getUserFriendlyName => sub { return $pn; }, - isFound => sub { return $found; }, - getTokens => sub { return getTokens($name); }, - ); - - # login to tokens - &PKI::RA::Wizard::debug_log("Ready to login to tokens for $name"); - my $mod = $modutil->getmodule($name); - foreach my $tokenname (keys %{$mod->{tokens}}) { - &PKI::RA::Wizard::debug_log("Logging in Module $name Token " . $tokenname); - &Login($tokenname); - } - - } - - my @otherModules; - #compile the "others" modules - - foreach my $modname (@modules) { - #is this modname in the supported modules list? - if ($supmodules{$modname}) { - &PKI::RA::Wizard::debug_log("ModulePanel -> getModules: found module $modname supported"); - # does not belong to "others" - } else { - &PKI::RA::Wizard::debug_log("ModulePanel -> getModules: found module $modname unsupported"); - #add the module to "others" list - my $m = $modutil->getmodule($modname); - my $mod = new PKI::RA::GlobalVar( - getImagePath => sub { return ""; }, - getUserFriendlyName => sub { return $m->{modulename}; }, - isFound => sub { return 1; }, - getTokens => sub { return getTokens($m->{detail}->{Name});} - ); - - push @otherModules, $mod; - - &PKI::RA::Wizard::debug_log("ModulePanel -> getModules: module $modname added to otherModules list"); - } - } - - $::symbol{sms} = \@supportedModules; - $::symbol{oms} = \@otherModules; -# PKI::RA::Wizard::dbg("oms: ". Dumper([@otherModules])); -# PKI::RA::Wizard::dbg("sms: ". Dumper([@supportedModules])); - - &PKI::RA::Wizard::debug_log("ModulePanel -> set sms, oms"); -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/Modutil.pm b/base/ra/lib/perl/PKI/RA/Modutil.pm deleted file mode 100755 index 82c66e87d..000000000 --- a/base/ra/lib/perl/PKI/RA/Modutil.pm +++ /dev/null @@ -1,262 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package PKI::RA::Modutil; - - -sub new { - my $class = shift; - my ($dir) = @_; - - if (! $dir) { die "no module directory provided\n"; } - - my $self = {}; - - $self->{dir} = $dir; - $self->{modules} = makemodules($self); - - bless $self, $class; - return $self; -} - -sub exists { - my $self = shift; - - return -e "$self->{dir}/secmod.db"; -} - -sub create { - my $self = shift; - - my $mods = `modutil -force -dbdir '$self->{dir}' -nocertdb -create`; - return $mods; -} - -use Data::Dumper; - -sub makemodules { - my $self = shift; - my $modules = {}; - - my $mods = `modutil -force -dbdir '$self->{dir}' -nocertdb -list`; - #my $mods = join "",<::DATA>; - - #print "raw mods = $mods"; - - my (@modules) = ( - $mods =~ / - ^ #beginning of a line - \s+ #some spaces - \d+\.\s* #some digits - (.*?) #lots of text - ((?=^\s*\d+)|(?=------)) #if we would next match some spaces and digits - /msxg ); - - @modules = grep /.+/ms, @modules; - - foreach $module (@modules) { - #print "Module #$i:$module --\n"; - $module = "modulename:$module"; - my ($moduleheader, $rest) = ( - $module =~ / - (.*status: .*?\n) # moduleheader - (\s*slot:.*) # slot - (?=\n(\n|$)) #empty line - /msxg ); - #print "moduleheader: $moduleheader\n"; - my $m = makehash($moduleheader); - $modules->{$m->{modulename}} = $m; - $m->{tokens} = {}; - - my @tokens = split "\n\n", $rest; - - - -# get summary slot info with: -list - foreach my $token (@tokens) { - #print "slottext: $slot\n"; - my $slh = makehash($token); - $m->{tokens}->{$slh->{token}} = $slh; - } - -# get detailed slot info with: -list "modulename" - - my $moduledetail = `modutil -force -dbdir '$self->{dir}' -nocertdb -list "$m->{modulename}" 2> /dev/null`; - my @details= split "\n\n", $moduledetail; - while ($details[0] !~ /.*Name:.*/) { - shift @details; - }; - $m->{detail} = makehash(shift @details); - foreach $d (@details) { - my $sdh = makehash($d); - my $tokenname = $sdh->{"Token Name"}; - $tokenname =~ s/\s+$//; # remove trailing spaces - if ($tokenname) { - $m->{tokens}->{$tokenname}->{detail} = $sdh; - } - } - $i++; - - } - return $modules; -} - -# input: a multi-list string with nv/pairs -# return a hashtable reference -sub makehash { - my $str = shift; - my $ht = { }; - my @lines = split "\n", $str; - my $line; -LINE: - foreach $line (@lines) { - if ($line =~ /Using database directory/) { next LINE; } - if ($line =~ /--------------/) { next LINE; } - my ($name, $value) = ($line =~ /^\s*(.*?):\s*(.*?)\s*$/); - if ($name) { - #print "name:$name\n"; - #print "value:$value\n"; - $ht->{$name} = $value; - } - } - return $ht; -} - -sub getmodules { - my $self = shift; - #print "modules: ".$self->{modules}. "\n"; - #print "keys: ".(join ",",keys %{$self->{modules}})."\n"; - return keys %{$self->{modules}}; -} - -sub getmodule { - my $self = shift; - my $modulename = shift; - - #print Dumper($self->{modules}); - return $self->{modules}->{$modulename}; -} - - -sub gettokens { - my $self = shift; - my $module = shift; - - return keys %{$module->{tokens}}; -} - -sub gettoken { - my $self = shift; - my $token= shift; - foreach my $m (values %{$self->{modules}}) { - foreach $t (values %{$m->{tokens}}) { - #print join ",", keys %{$t}; - #print Dumper($t->{detail}); - if ($t->{detail}->{"Token Name"} eq $token) { - return $t; - } - } - } -} - - - -package main; - -sub ::test { - -# initialize - my $modutil = new PKI::RA::Modutil("."); - -#make database if it doesn't exist - if (! $modutil->exists()) { - $modutil->create(); - } - -#get an array of module names - my @mods = $modutil->getmodules(); - - print "Found ".@mods." pkcs#11 modules\n"; - -#for each module... - foreach my $modname (@mods) { - my $module = $modutil->getmodule($modname); - - print "Module: $modname\n"; - print "Library: ".$module->{detail}->{"Library file"}."\n"; - print "Other keys: ".(join ",", keys %{$module->{detail}})."\n"; - -#find all the tokens in a module, e.g. each partition for a lunasa - foreach my $tokenname ($modutil->gettokens($module)) { - print " token: $tokenname\n"; - my $token = $modutil->gettoken($tokenname); - -#dump out the information we have on the token - foreach my $key (keys %{$token}) { - print " token keys/values: $key: ".$token->{$key}."\n"; - } - my @detailkeys = (keys %{$token->{detail}}) ; - print " token detail keys:". (join ",", @detailkeys)."\n"; - print " token detail Manufacturer:". $token->{detail}->{Manufacturer}."\n"; - print "\n"; - } - print "\n"; - } - -} - -# this is where 'main' starts - -if ($ARGV[0] eq "--test") { - ::test(); -} - -1; - -__DATA__ -Listing of PKCS #11 Modules ------------------------------------------------------------ - 1. NSS Internal PKCS #11 Module - slots: 2 slots attached - status: loaded - - slot: NSS Internal Cryptographic Services - token: NSS Generic Crypto Services - - slot: NSS User Private Key and Certificate Services - token: NSS Certificate DB - - 2. lunasa - library name: /usr/lunasa/lib/libCryptoki2.so - slots: 2 slots attached - status: loaded - - slot: LunaNet Slot - token: lunasa1-ca - - slot: LunaNet Slot - token: lunasa2-ca ------------------------------------------------------------ - - diff --git a/base/ra/lib/perl/PKI/RA/NamePanel.pm b/base/ra/lib/perl/PKI/RA/NamePanel.pm deleted file mode 100755 index c30715aa2..000000000 --- a/base/ra/lib/perl/PKI/RA/NamePanel.pm +++ /dev/null @@ -1,570 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use FileHandle; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use PKI::RA::CertInfo; -use URI::URL; -use URI::Escape; - -package PKI::RA::NamePanel; -$PKI::RA::NamePanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); -our $cert_req_header="-----BEGIN NEW CERTIFICATE REQUEST-----"; -our $cert_req_footer="-----END NEW CERTIFICATE REQUEST-----"; -our $cert_header="-----BEGIN CERTIFICATE-----"; -our $cert_footer="-----END CERTIFICATE-----"; - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(12); - $self->{"getName"} = &PKI::RA::Common::r("Subject Names"); - $self->{"vmfile"} = "namepanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("NamePanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("NamePanel: update"); - my $instanceDir = $::config->get("service.instanceDir"); - - my $count = $q->param('urls'); - - &PKI::RA::Wizard::debug_log("NamePanel: update - selected ca= $count"); - - my $host = ""; - my $https_ee_port = ""; - - my $useExternalCA = "off"; - if ($count =~ /http/) { - my $info = new URI::URL($count); - $host = $info->host; - $https_ee_port = $info->port; - } else { - $host = $::config->get("preop.securitydomain.ca$count.host"); - if ($host eq "") { - $useExternalCA = "on"; - } else { - $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport"); - &PKI::RA::Wizard::debug_log("NamePanel: update - host= $host, https_ee_port= $https_ee_port"); - } - } - $::config->put("preop.certenroll.useExternalCA", $useExternalCA); - - $::config->put("preop.ca.url", "https://" . $host . ":" . $https_ee_port); - - my $tokenname = $::config->get("preop.module.token"); - &PKI::RA::Wizard::debug_log("NamePanel: update got token name = $tokenname"); - my $hw; - my $tk; - - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - $hw = ""; - $tk = ""; - } else { - $hw = "-h $tokenname"; - $tk = $tokenname.":"; - } - - # is nickname changed because of token (hardware) selection? - my $changed = "false"; - foreach my $certtag (@PKI::RA::Wizard::certtags) { - &PKI::RA::Wizard::debug_log("NamePanel: update begins for certag= $certtag"); - my $cert_dn = $q->param($certtag); - $::config->put("preop.cert.".$certtag.".dn", $cert_dn); - $::config->commit(); - - my $sslnickname = $::config->get("preop.cert.sslserver.nickname"); - my $nickname = $q->param($certtag . "_nick"); - if ($nickname ne "") { - &PKI::RA::Wizard::debug_log("NamePanel: update nickname for $certtag set to $nickname"); - &PKI::RA::Wizard::debug_log("NamePanel: update nickname for $certtag being updated in config file"); - $::config->put("preop.cert.".$certtag.".nickname", $nickname); - $::config->commit(); - } else { - $nickname = $::config->get("preop.cert.$certtag.nickname"); - if ($nickname eq "") { - $nickname = "RA ".$certtag." cert"; - &PKI::RA::Wizard::debug_log("NamePanel: update nickname not found for $certtag -- try $nickname"); - } - } - - my $cert_request = $::config->get("preop.cert.$certtag.certreq"); - if ($cert_request ne "") { - &PKI::RA::Wizard::debug_log("NamePanel: update do not generate new keys"); - goto GEN_CERT; - } - &PKI::RA::Wizard::debug_log("NamePanel: update generate new keys"); - - # =====generate requests======== - # getting new request should void old cert - - my $file= "$instanceDir/conf/".$certtag."_cert.txt"; - my $tmp = `rm $file`; - - &PKI::RA::Wizard::debug_log("NamePanel: retrieving $tokenname from pwdconf"); - my $token_pwd = $::pwdconf->get($tokenname); - &PKI::RA::Wizard::debug_log("NamePanel: creating pwfile"); - open FILE, ">$instanceDir/conf/.pwfile"; - system( "chmod 00660 $instanceDir/conf/.pwfile" ); - $token_pwd =~ s/\n//g; - print FILE $token_pwd; - close FILE; - - my $keytype = $::config->get("preop.cert.$certtag.keytype"); - if ($keytype eq "") { - $keytype = "rsa"; - } - - my $select = $::config->get("preop.cert.$certtag.keysize.select"); - - my $keysize; - - if ($keytype eq "rsa") { - $keysize = 2048; - } elsif ($keytype eq "ecc") { - $keysize = 256; - } - - if (($select eq "") || ($select eq "default")) { - my $size = $::config->get("preop.cert.$certtag.keysize.size"); - if ($size ne "") { - $keysize = $size; - } - } else { - my $size = $::config->get("preop.cert.$certtag.keysize.customsize"); - if ($size ne "") { - $keysize = $size; - } - if (($keytype eq "ecc") && ($keysize ne 256)) { - &PKI::RA::Wizard::debug_log("NamePanel: update got keysize from config= $keysize changing to 256, the only supported ECC strength"); - $keysize = 256; - } - } - - &PKI::RA::Wizard::debug_log("NamePanel: update got key type $keytype"); - my $req; - my $debug_req; - my $filename = "/tmp/random.$$"; - `dd if\=/dev/urandom of\=\"$filename\" count\=256 bs\=1`; - if ($keytype eq "rsa") { - #XXX temporary - &PKI::RA::Wizard::debug_log("NamePanel: update "."certutil -R -s $cert_dn -k $keytype -g $keysize -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -a -z $filename"); - my $tmpfile = "/tmp/req$$"; - system("certutil -R -s \"$cert_dn\" -k $keytype -g $keysize -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -a -z $filename > $tmpfile"); - $req = `cat $tmpfile`; - system("rm $tmpfile"); - } elsif ($keytype eq "ecc") { - #only support curve nistp256 for now - my $tmpfile = "/tmp/req$$"; - system("certutil -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -R -s \"$cert_dn\" -k ec -q nistp256 -a -z $filename> $tmpfile"); - $req = `cat $tmpfile`; - system("rm $tmpfile"); - } else { - &PKI::RA::Wizard::debug_log("NamePanel: update unsupported keytype $keytype"); - } - system("rm $filename"); - - my $save_line = 0; - my @req_a = split "\n", $req; - foreach my $line (@req_a) { - chomp( $line ); - $line =~ s/
//g; - if ($line eq $cert_req_header) { - $save_line = 1; - } elsif( $line eq $cert_req_footer ) { - $save_line = 0; - last; - } elsif( $save_line == 1 ) { - $cert_request .= "$line"; - } - } - &PKI::RA::Wizard::debug_log("NamePanel: update putting cert_request in CS.cfg: $cert_request"); - $::config->put("preop.cert.$certtag.certreq", $cert_request); - $::config->commit(); - -GEN_CERT: -# =====request for certs======== -# see if there is an existing cert - - my $cert = $::config->get("preop.cert.$certtag.cert"); - my $sdom = $::config->get("config.sdomainEEURL"); - my $sdom_url = new URI::URL($sdom); - - if (($useExternalCA eq "on") && ($certtag ne "subsystem")) { - &PKI::RA::Wizard::debug_log("NamePanel: update External CA selected"); - if ($cert eq "") { - &PKI::RA::Wizard::debug_log("NamePanel: update no cert found...need manual enrollment"); - } - } else { - if ($cert eq "") { - &PKI::RA::Wizard::debug_log("NamePanel: update External CA not selected...need automatic enrollment"); - - my $machineName = $::config->get("service.machineName"); - my $securePort = $::config->get("service.securePort"); - my $session_id = $::config->get("preop.sessionID"); - - if ($cert_request ne "") { - &PKI::RA::Wizard::debug_log("NamePanel: update found existing request: $cert_request"); - } else { - &PKI::RA::Wizard::debug_log("NamePanel: update existing request not found"); - #something is wrong...no request, no cert - goto DONE; - return $cert; - } - - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = ""; - &PKI::RA::Wizard::debug_log("NamePanel: greping password"); - - my $tmpfile = "/tmp/grep$$"; - system ("grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10- > $tmpfile"); - $db_password = `cat $tmpfile`; - $db_password =~ s/\n$//g; - system("rm $tmpfile"); - - my $profile_id = $::config->get("preop.cert.$certtag.profile"); - &PKI::RA::Wizard::debug_log("NamePanel: profileId=" . $profile_id); - my $requestor_name = "RA-" . $machineName . "-" . $securePort; - my $params = "profileId=" . $profile_id . "&" . - "cert_request_type=" . "pkcs10" . "&" . - "requestor_name=" . $requestor_name . "&" . - "cert_request=" . - URI::Escape::uri_escape("$cert_request") . "&" . - "xmlOutput=true" . "&" . - "sessionID=" . $session_id . "&" . - "auth_hostname=" . $sdom_url->host . "&" . - "auth_port=" . $sdom_url->port; - - if ($certtag eq "subsystem") { - $host = $sdom_url->host; - $https_ee_port = $sdom_url->port; - } - if ($changed eq "true") { -$req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port"; -$debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sensitive)\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port"; - } else { -$req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port"; -$debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sensitive)\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port"; - } - - &PKI::RA::Wizard::debug_log("debug_req = " . $debug_req); - my $content = `$req`; - &PKI::RA::Wizard::debug_log("content = " . $content); - - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - - if ($content eq "") { - $::symbol{errorString} = "CA returned no response. Please check that the CA is available and also check the host's firewall settings."; - return 0; - } - - my $parser = XML::Simple->new(); - &PKI::RA::Wizard::debug_log("NamePanel: response content= " . $content); - my $response = $parser->XMLin($content); - my $status = $response->{Status}; - if ($status ne "0") { - my $error = $response->{Error}; - &PKI::RA::Wizard::debug_log("NamePanel: Error = $error"); - $::symbol{errorString} = "CA response: $error. Please check previous related panels." . " Please check that the CA is available and also check the host's firewall settings."; - return 0; - } - $cert = $response->{Requests}->{Request}->{b64}; - &PKI::RA::Wizard::debug_log("NamePanel: new cert generated= " . $cert); - -# my $reqid = $response->{Requests}->{Request}->{Id}; -# $::config->put("preop.admincert.requestId.0", $reqid); -# my $sn = $response->{Requests}->{Request}->{serialno}; -# $::config->put("preop.admincert.serialno.0", $sn); -# $::config->commit(); - - &PKI::RA::Wizard::debug_log("NamePanel: update putting cert in CS.cfg: $cert"); - $::config->put("preop.cert.$certtag.cert", $cert); - $::config->commit(); - - } else { - # cert is not null - &PKI::RA::Wizard::debug_log("NamePanel: update External CA not selected. Cert found...no need for enrollment"); - } - -# write cert to file so certutil can import - my $cert_fn = "$instanceDir/conf/".$certtag."_cert.txt"; - open FILE, "> $cert_fn"; - print FILE $cert_header."\n".$cert."\n".$cert_footer; - close FILE; - - # import cert, whether it was imported before or not - my $nickname = $::config->get("preop.cert.$certtag.nickname"); - if ($nickname eq "") { - #XXX - $nickname = "RA ".$certtag." cert"; - &PKI::RA::Wizard::debug_log("NamePanel: update nickname not found for $certtag -- try $nickname"); - } - - if ($certtag ne "sslserver") { - &PKI::RA::Wizard::debug_log("NamePanel: update: try to delete existing cert $nickname, if any....ok if it fails"); - $tmp = `certutil -d $instanceDir/alias -D -n "$nickname"`; - $tmp = `certutil -d $instanceDir/alias -D $hw -f $instanceDir/conf/.pwfile -n "$tk$nickname"`; - } else { - &PKI::RA::Wizard::debug_log("NamePanel: update: try to delete existing cert $sslnickname, if any....ok if it fails"); - $tmp = `certutil -d $instanceDir/alias -D -n "$sslnickname"`; - $tmp = `certutil -d $instanceDir/alias -D $hw -f $instanceDir/conf/.pwfile -n "$tk$sslnickname"`; - } - - &PKI::RA::Wizard::debug_log("NamePanel: update: try to import cert from $cert_fn"); - $tmp = `certutil -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -A -n "$nickname" -t "u,u,u" -a -i $cert_fn`; - # changed the cert, need to change nickname too, if necessary - if ($hw ne "") { - if ($certtag eq "sslserver") { - if ($changed eq "false") { - $::config->put("preop.cert.$certtag.nickname", "$tk$nickname"); - } - $changed = "true"; - } elsif ($certtag eq "subsystem") { - &PKI::RA::Wizard::debug_log("NamePanel: update: subsystem nickname changed"); - $::config->put("preop.cert.$certtag.nickname", "$tk$nickname"); - $::config->put("conn.ca1.clientNickname", "$tk$nickname"); - $::config->put("conn.drm1.clientNickname", "$tk$nickname"); - $::config->put("conn.tks1.clientNickname", "$tk$nickname"); - $::config->put( "ra.cert.subsystem.nickname", "$tk$nickname"); - } else { - &PKI::RA::Wizard::debug_log("NamePanel: update: $certtag nickname changed"); - $::config->put("preop.cert.$certtag.nickname", "$tk$nickname"); - } - $::config->commit(); - } else { - if ($certtag eq "subsystem") { - # setting these just in case the subsystem nickname changed. - &PKI::RA::Wizard::debug_log("NamePanel: update: setting in case the subsystem nickname changed"); - $::config->put("conn.ca1.clientNickname", "$nickname"); - $::config->put("conn.drm1.clientNickname", "$nickname"); - $::config->put("conn.tks1.clientNickname", "$nickname"); - $::config->put("ra.cert.subsystem.nickname", "$nickname"); - } - $::config->commit(); - } - - &PKI::RA::Wizard::debug_log("NamePanel: update: done importing cert: $tk$nickname"); - $tmp = `rm $cert_fn`; - } - } - -DONE: - &PKI::RA::Wizard::debug_log("NamePanel: removing pwfile"); - my $tmp = `rm $instanceDir/conf/.pwfile`; - return 1; -} - -sub readFile -{ - my $fn = $_[0]; - open FILE, "< $fn" or return ""; - my $content = join "",<FILE>; - close FILE; - - return $content; -} - -use Data::Dumper; - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("NamePanel: display"); - - my $domain_name = $::config->get("preop.securitydomain.name"); - if ($domain_name eq "") { - $domain_name = "RA Domain"; - } - my $machine_name = $::config->get("service.machineName"); - my $instance_id = $::config->get("service.instanceID"); - - my $i = 0; - foreach my $certtag (@PKI::RA::Wizard::certtags) { - &PKI::RA::Wizard::debug_log("NamePanel: display certtag=$certtag"); - my $cert_dn = $::config->get("preop.cert.".$certtag.".dn"); - if ($cert_dn eq "") { - if ($certtag eq "subsystem") { - $cert_dn = "CN=RA Subsystem, " . - "OU=" . $instance_id . ", " . - "O=" . $domain_name; - } elsif ($certtag eq "sslserver") { - $cert_dn ="CN=" . $machine_name . ", " . - "OU=" . $instance_id . ", " . - "O=" . $domain_name; - } else { - &PKI::RA::Wizard::debug_log("NamePanel: display other certtag=$certtag"); - $cert_dn = $certtag; - } - $::config->put("preop.cert.".$certtag.".dn", $cert_dn); - $::config->commit(); - } else { - if (!($cert_dn =~ /O=/)) { - $cert_dn .= ", O=" . $domain_name; - $::config->put("preop.cert.".$certtag.".dn", $cert_dn); - $::config->commit(); - } - } - - my $name = $::config->get("preop.cert.".$certtag.".userfriendlyname"); - if ($name eq "") { - $name = $certtag."Cert ".$instance_id; - $::config->put("preop.cert.".$certtag.".userfriendlyname", $name); - $::config->commit(); - } - - my $cert = new PKI::RA::CertInfo($name, - $cert_dn, $certtag); - $::symbol{certs}[$i++] = $cert; - } - - &PKI::RA::Wizard::debug_log("NamePanel: getting CA info"); - $::symbol{urls} = []; - my $count = 0; - - while (1) { - my $host = $::config->get("preop.securitydomain.ca$count.host"); - if ($host eq "") { - goto DONE; - } - my $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport"); - my $name = $::config->get("preop.securitydomain.ca$count.subsystemname"); - my $item = $name . " - https://" . $host . ":" . $https_ee_port; - $::symbol{urls}[$count++] = $item; - - } -DONE: - - $::symbol{urls}[$count++] = "External CA"; - $::symbol{urls_size} = $count+1; - - return 1; -} - - -# arg0 filename containing certificate request -# return certificate request plus header and footer -sub extract_cert_req_from_file -{ - my $save_line = 0; - - my $filename = $_[0]; - - my $fd = new FileHandle; - - my $cert_request = ""; - - $fd->open( "<$filename" ) or die "Could not open '$filename'!\n"; - - while( <$fd> ) - { - my $line = $_; - chomp( $line ); - - if( $line eq $cert_req_header ) { - $save_line = 1; - $cert_request .= "$line\n"; - } elsif( $line eq $cert_req_footer ) { - $cert_request .= "$line\n"; - $save_line = 0; - last; - } elsif( $save_line == 1 ) { - $cert_request .= "$line\n"; - } - } - - $fd->close(); - - return $cert_request; -} - -# arg0 message containing certificate request -# return certificate request sans header and footer -sub extract_cert_req_from_file_sans_header_and_footer -{ - my $filename = $_[0]; - my $save_line = 0; - - my $fd = new FileHandle; - - my $cert_request = ""; - - $fd->open( "<$filename" ) or die "Could not open '$filename'!\n"; - - while( <$fd> ) - { - my $line = $_; - chomp( $line ); - - if( $line eq $cert_req_header ) { - $save_line = 1; - } elsif( $line eq $cert_req_footer ) { - $save_line = 0; - last; - } elsif( $save_line == 1 ) { - $cert_request .= "$line\n"; - } - } - - $fd->close(); - - return $cert_request; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/ReqCertInfo.pm b/base/ra/lib/perl/PKI/RA/ReqCertInfo.pm deleted file mode 100755 index 51c22cd24..000000000 --- a/base/ra/lib/perl/PKI/RA/ReqCertInfo.pm +++ /dev/null @@ -1,235 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::ReqCertInfo; -$PKI::RA::ReqCertInfo::VERSION = '1.00'; - -our $cert_req_header="-----BEGIN NEW CERTIFICATE REQUEST-----"; -our $cert_req_footer="-----END NEW CERTIFICATE REQUEST-----"; -our $cert_header="-----BEGIN CERTIFICATE-----"; -our $cert_footer="-----END CERTIFICATE-----"; - -sub new { - my ($class, $name, $dn, $tag) = @_; - my $self = {}; - &PKI::RA::Wizard::debug_log("ReqCertInfo: start new"); - &PKI::RA::Wizard::debug_log("ReqCertInfo: creating name: $name, dn: $dn, tag: $tag"); - - $self->{"getUserFriendlyName"} = \&get_user_friendly_name; - $self->{"getCertTag"} = \&get_cert_tag; - $self->{"getCert"} = \&get_cert; - $self->{"getCertpp"} = \&get_cert_pp; - $self->{"getRequest"} = \&get_request; - $self->{"getDN"} = \&get_dn; - $self->{"useDefaultKey"} = \&use_default_key; - $self->{"getCustomKeysize"} = \&get_custom_keysize; - &PKI::RA::Wizard::debug_log("ReqCertInfo: end new"); - - $self->{name} = $name; - $self->{dn} = $dn; - $self->{tag} = $tag; - - bless $self, $class; - return $self; -} - -sub get_user_friendly_name -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_user_friendly_name"); - return $self->{name}; -} - -sub readFile -{ - my $fn = $_[0]; - open FILE, "< $fn" or return ""; - my $content = join "",<FILE>; - close FILE; - - return $content; -} - -sub wrap_lines -{ - my $lines = shift; - my $temp ; - foreach my $line (split "\n", $lines) { - if (length $line > 59) { - $line =~ s/(.{0,60})/$1\n/g; - } - # get rid of a line that is just an empty newline - $line =~ s/^\n$//gms; - $temp .= $line; - } - # collapse multiple newlines into one - $temp =~ s/\n+/\n/gms; - $temp =~ s/\n$//gms; - $temp; - -} - -sub get_request -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_request"); - # first, try to see if request has been made before -# my $req = readFile( "/var/lib/pki-ra/conf/$self->{tag}_cert_request.txt"); - - my $req = $::config->get("preop.cert.$self->{tag}.certreq"); - - $req = wrap_lines($req); - - if ($req ne "") { - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_request found existing request"); - return $cert_req_header."\n".$req."\n".$cert_req_footer;; - } else { - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_request existing request not found"); - } - - return $req; -} - -sub get_cert -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert"); -# see if there is an existing cert -# my $cert = readFile("/var/lib/pki-ra/conf/".$self->{tag}."_cert.txt"); - my $cert = $::config->get("preop.cert.$self->{tag}.cert"); - - $cert = wrap_lines($cert); - if ($cert ne "") { - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert found existing cert"); - return $cert_header."\n".$cert."\n".$cert_footer;; - } else { - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert existing cert not found"); - } - if ($cert eq "") { - $cert = "...paste certificate here..."; - } - - - return $cert; -} - -sub get_cert_pp -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert_pp"); - my $instanceDir = $::config->get("service.instanceDir"); - - my $hw; - my $tokenname = $::config->get("preop.module.token"); - &PKI::RA::Wizard::debug_log("ReqCertInfo: update got token name = $tokenname"); - - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - $hw = ""; - } else { - $hw = "-h $tokenname"; - } - - my $token_pwd = $::pwdconf->get($tokenname); - open FILE, ">$instanceDir/conf/.pwfile"; - system( "chmod 00660 $instanceDir/conf/.pwfile" ); - $token_pwd =~ s/\n//g; - print FILE $token_pwd; - close FILE; - - my $nickname = $::config->get("preop.cert.$self->{tag}.nickname"); - if ($nickname eq "") { -#XXX - $nickname = "RA ".$self->{tag}." cert"; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert_pp nickname not found for $self->{tag} -- try $nickname"); - } - my $certpp=""; -# my $found = -e "/var/lib/pki-ra/conf/$self->{tag}_cert.txt"; - my $cert = $::config->get("preop.cert.$self->{tag}.cert"); - - if ($cert ne "") { - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert_pp found request, ready to get prettyprint"); - my $tmp = `certutil -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -n "$nickname" -L > $instanceDir/conf/$self->{tag}_cert_pp.txt`; - $certpp = readFile("$instanceDir/conf/$self->{tag}_cert_pp.txt"); - $certpp =~ s/"//g; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert_pp pp=$certpp"); - $tmp =`rm $instanceDir/conf/$self->{tag}_cert_pp.txt`; - } else { - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert_pp cert not found, will not get prettyprint"); - } - my $tmp = `rm $instanceDir/conf/.pwfile`; - - return $certpp; -} - -sub get_cert_tag -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert_tag"); - return $self->{tag}; -} - -sub get_dn -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert_dn"); - return $self->{dn}; -} - -sub use_default_key -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("ReqCertInfo: use_default_key"); - my $select = $::config->get("preop.cert.$self->{tag}.keysize.select"); - if ($select ne "") { - if ($select eq "custom") { - &PKI::RA::Wizard::debug_log("ReqCertInfo: use_default_key from config = $select returning 0"); - return 0; - } - } - - &PKI::RA::Wizard::debug_log("ReqCertInfo: use_default_key returning 1"); - return 1; -} - -sub get_custom_keysize -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_custom_keysize"); - my $keysize = $::config->get("preop.cert.$self->{tag}.keysize.customsize"); - if ($keysize ne "") { - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_custom_keysize from config = $keysize"); - return $keysize; - } else { - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_custom_keysize not from config"); - } - return 2048; -} - - -1; diff --git a/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm b/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm deleted file mode 100755 index 3370b9d25..000000000 --- a/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm +++ /dev/null @@ -1,199 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; -use XML::Simple; -use Data::Dumper; - -package PKI::RA::SecurityDomainPanel; -$PKI::RA::SecurityDomainPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(1); - $self->{"getName"} = &PKI::RA::Common::r("Security Domain"); - $self->{"vmfile"} = "securitydomainpanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("SecurityPanel: validate"); - - return 1; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub pingCS -{ - my( $instanceDir ) = $_[0]; - my( $db_password ) = $_[1]; - my( $nickname ) = $_[2]; - my( $hostname ) = $_[3]; - my( $port ) = $_[4]; - - my $content = `/usr/bin/sslget -d $instanceDir/alias -p $db_password -v -r "/ca/admin/ca/getStatus" $hostname:$port`; - if( "$content" eq "" ) { - return 0; - } else { - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - - my $parser = XML::Simple->new(); - my $response = $parser->XMLin($content); - my $state = $response->{State}; - - if( "$state" eq "1" ) { - return 1; - } else { - return 0; - } - } -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("SecurityPanel: display"); - $::symbol{panelname} = "Security Domain"; - $::symbol{sdomainName} = "Security Domain"; - - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $hostname = $::config->get("service.machineName"); - my $default_https_admin_port = 9445; - - # check to see if "default" security domain exists on local machine - my $status = pingCS( $instanceDir, - $db_password, - $nickname, - $hostname, - $default_https_admin_port ); - if( "$status" eq "1" ) { - # "default" security domain exists on local machine; - # fill "sdomainURL" in with "default" security domain - # as an initial "guess" - $::symbol{sdomainURL} = "https://" . $hostname . ":" - . $default_https_admin_port; - } else { - # "default" security domain does NOT exist on local machine; - # leave "sdomainURL" blank - $::symbol{sdomainURL} = ""; - } - - $::symbol{sdomainAdminURL} = "https://" . $hostname . ":" - . $default_https_admin_port; - - my $initDaemon = "pki-tomcatd"; - my $statusCommand = ""; - my $instanceID ="<security_domain_instance_name>"; - if( $^O eq "linux" ) { - $statusCommand = "systemctl status $initDaemon\@$instanceID.service"; - } else { - ## default case: e. g. - ( $^O eq "solaris" ) - $statusCommand = "/etc/init.d/$initDaemon status $instanceID"; - } - $::symbol{statusCommand} = $statusCommand; - $::symbol{instanceID} = $instanceID; - return 1; -} - - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("SecurityPanel: update"); - my $sdomainURL = $q->param("sdomainURL"); - - if ($sdomainURL eq "") { - &PKI::RA::Wizard::debug_log("SecurityPanel: sdomainURL has not been specified!"); - $::symbol{errorString} = "Security Domain HTTPS has not been specified!"; - return 0; - } - - my $sdomainURL_info = new URI::URL($sdomainURL); - - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $hostname = $sdomainURL_info->host; - my $https_admin_port = $sdomainURL_info->port; - - # check to see if "default" security domain exists on local machine - my $status = pingCS( $instanceDir, - $db_password, - $nickname, - $hostname, - $https_admin_port ); - if( "$status" ne "1" ) { - # invalid security domain specified - &PKI::RA::Wizard::debug_log("SecurityPanel: sdomainURL not found"); - $::symbol{errorString} = "Security Domain HTTPS Admin URL not found"; - return 0; - } - - # save urls in CS.cfg - &PKI::RA::Wizard::debug_log("SecurityPanel: sdomainURL=" . $sdomainURL); - $::config->put("config.sdomainAdminURL", $sdomainURL); - - # Add values necessary for 'pkiremove' . . . - $::config->put("securitydomain.select", "existing"); - $::config->put("securitydomain.host", $sdomainURL_info->host); - $::config->put("securitydomain.httpsadminport", $sdomainURL_info->port); - $::config->commit(); - - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/SizePanel.pm b/base/ra/lib/perl/PKI/RA/SizePanel.pm deleted file mode 100755 index f55dc41e9..000000000 --- a/base/ra/lib/perl/PKI/RA/SizePanel.pm +++ /dev/null @@ -1,245 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use PKI::RA::CertInfo; - -package PKI::RA::SizePanel; -$PKI::RA::SizePanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(11); - $self->{"getName"} = &PKI::RA::Common::r("Key Pairs"); - $self->{"vmfile"} = "sizepanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("SizePanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("SizePanel: update"); - - my $instanceDir = $::config->get("service.instanceDir"); - my $done = $::config->get("preop.SizePanel.done"); - my $genKeyPair = $q->param('generateKeyPair'); - &PKI::RA::Wizard::debug_log("SizePanel: update generateKeyPair value=$genKeyPair"); - if ($done eq "true") { - if ($genKeyPair eq "") { - &PKI::RA::Wizard::debug_log("SizePanel: update generateKeyPair value not found, turn to off"); - $genKeyPair = "off"; - } - } else { - # firstime should always generate keys - $genKeyPair = "on"; - } - - foreach my $certtag (@PKI::RA::Wizard::certtags) { - my $select = $q->param($certtag.'_choice'); - my $keytype = $q->param($certtag.'_keytype'); - my $size = $q->param($certtag.'_custom_size'); - - &PKI::RA::Wizard::debug_log("SizePanel: update $certtag _choice=$select $certtag _keytype=$keytype customsize= $size"); - - $::config->put("preop.keysize.select", $select); - $::config->put("preop.cert.".$certtag.".keysize.select", $select); - - if (! isSupportedSize($keytype, $size)) { - &PKI::RA::Wizard::debug_log("SizePanel: update size $size not supported"); - return 0; - } - $::config->put("preop.cert.".$certtag.".keysize.customsize", $size); - $::config->put("preop.cert.".$certtag.".keytype", $keytype); - - if ($select eq "default") { - my $defaultSize = getDefaultSize($keytype); - &PKI::RA::Wizard::debug_log("SizePanel: update in default, defaultsize = $defaultSize"); - $::config->put("preop.keysize.customsize", $defaultSize); - $::config->put("preop.keysize.size", $defaultSize); - $::config->put("preop.cert.".$certtag.".keysize.size", $defaultSize); - - } elsif ($select eq "custom") { - &PKI::RA::Wizard::debug_log("SizePanel: update in custom, customsize = $size"); - $::config->put("preop.keysize.size", $size); - $::config->put("preop.cert.".$certtag.".keysize.size", $size); - } - - if ($genKeyPair eq "on") { - $::config->put("preop.cert.".$certtag.".certreq", ""); - $::config->put("preop.cert.".$certtag.".cert", ""); - } - } -#XXX should have better error checking to work better - $done = $::config->put("preop.SizePanel.done", "true"); - $::config->commit(); - - return 1; -} - -sub getDefaultSize { - my $keytype = $_[0]; - - if ($keytype eq "ecc") { - return 256; - } elsif ($keytype eq "rsa") { - return 2048; - } - - $::symbol{errorString} = "Unsupported keytype $keytype"; - return 0; -} - -sub isSupportedSize { - my $keytype = $_[0]; - my $size = $_[1]; - - if (($keytype eq "ecc") && ($size ne "256")) { - &PKI::RA::Wizard::debug_log("SizePanel: isSupportedSize ECC only supports size 256"); - $::symbol{errorString} = "Unsupported Size $size. ECC only supports size 256"; - return 0; - } - - if (($size eq "256") || ($size eq "512") || ($size eq "1024") || - ($size eq "2048") || ($size eq "4096")) { - return 1; - } - # wrong size - $::symbol{errorString} = "Unsupported Size $size. RSA only supports sizes 256, 512, 1024, 2048, and 4096"; - return 0; -} - -sub display -{ - my ($q) = @_; - - &PKI::RA::Wizard::debug_log("SizePanel: display"); - - my $done = $::config->get("preop.SizePanel.done"); - &PKI::RA::Wizard::debug_log("SizePanel: display is panel done? $done"); - if ($done eq "true") { - $::symbol{firsttime} = "false"; - } else { - $::symbol{firsttime} = "true"; - } - - my $domain_name = $::config->get("preop.securitydomain.name"); - if ($domain_name eq "") { - $domain_name = "RA Domain"; - } - - my $machine_name = $::config->get("service.machineName"); - my $instance_id = $::config->get("service.instanceID"); - - my $i = 0; - foreach my $certtag (@PKI::RA::Wizard::certtags) { - my $cert_dn = $::config->get("preop.cert.".$certtag.".dn"); - if ($cert_dn eq "") { - if ($certtag eq "subsystem") { - $cert_dn = "CN=RA Subsystem, " . - "OU=" . $instance_id . ", " . - "O=" . $domain_name; - } elsif ($certtag eq "sslserver") { - $cert_dn ="CN=" . $machine_name . ", " . - "OU=" . $instance_id . ", " . - "O=" . $domain_name; - } else { - $cert_dn = $certtag; - } - } - my $name = $::config->get("preop.cert.".$certtag.".userfriendlyname"); - if ($name eq "") { - $name = $certtag."Cert ".$instance_id; - } - my $cert = new PKI::RA::CertInfo($name, - $cert_dn, $certtag); - $::symbol{certs}[$i++] = $cert; - } - - #for "common key settings" - my $select = $::config->get("preop.keysize.select"); - if (($select eq "") || ($select eq "default")) { - $::symbol{select} = "default"; - } else { - &PKI::RA::Wizard::debug_log("SizePanel: display keysize select= $select"); - $::symbol{select} = $select; - } - my $default_size = $::config->get("preop.keysize.size"); - if ($default_size eq "") { - $::symbol{default_keysize} = 2048; - } else { - $::symbol{default_keysize} = $default_size; - } - - my $default_ecc_size = $::config->get("preop.keysize.ecc.size"); - if ($default_ecc_size eq "") { - $::symbol{default_ecc_keysize} = 256; - } else { - $::symbol{default_ecc_keysize} = $default_ecc_size; - } - - my $custom_size = $::config->get("preop.keysize.customsize"); - if ($custom_size eq "") { - $::symbol{custom_size} = 2048; - } else { - $::symbol{custom_size} = $default_size; - } - - - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm b/base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm deleted file mode 100755 index 3d946bca0..000000000 --- a/base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm +++ /dev/null @@ -1,142 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::SubsystemTypePanel; -$PKI::RA::SubsystemTypePanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(3); - $self->{"getName"} = &PKI::RA::Common::r("Subsystem Type"); - $self->{"vmfile"} = "createsubsystempanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("SubsystemTypePanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("SubsystemTypePanel: update"); - $::symbol{systemname} = "Registration Authority "; - $::symbol{subsystemName} = "Registration Authority"; - $::symbol{fullsystemname} = "Registration Authority"; - $::symbol{machineName} = "localhost"; - $::symbol{http_port} = "12888"; - $::symbol{https_port} = "12889"; - $::symbol{non_clientauth_https_port} = "12890"; - $::symbol{check_clonesubsystem} = " "; - $::symbol{check_newsubsystem} = " "; - $::symbol{disableClone} = 1; - - my $subsystemName = $q->param('subsystemName'); - $::config->put("preop.subsystem.name", $subsystemName); - $::config->commit(); - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("SubsystemTypePanel: display"); - $::symbol{systemname} = "Registration Authority "; - $::symbol{subsystemName} = "Registration Authority"; - $::symbol{fullsystemname} = "Registration Authority "; - - my $machineName = $::config->get("service.machineName"); - my $unsecurePort = $::config->get("service.unsecurePort"); - my $securePort = $::config->get("service.securePort"); - my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); - - - $::symbol{machineName} = $machineName; - $::symbol{http_port} = $unsecurePort; - $::symbol{https_port} = $securePort; - $::symbol{non_clientauth_https_port} = $non_clientauth_securePort; - $::symbol{check_clonesubsystem} = ""; - $::symbol{check_newsubsystem} = "checked "; - - my $session_id = $q->param("session_id"); - $::config->put("preop.sessionID", $session_id); - $::config->commit(); - - $::symbol{urls} = []; - my $count = 0; - while (1) { - my $host = $::config->get("preop.securitydomain.ra$count.host"); - if ($host eq "") { - goto DONE; - } - my $port = $::config->get("preop.securitydomain.ra$count.non_clientauth_secure_port"); - my $name = $::config->get("preop.securitydomain.ra$count.subsystemname"); - unshift(@{$::symbol{urls}}, "https://" . $host . ":" . $port); - $count++; - } -DONE: - $::symbol{urls_size} = $count; - -# if ($count == 0) { - $::symbol{disableClone} = 1; -# } - - # XXX - how to deal with urls - return 1; -} - - -1; diff --git a/base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm b/base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm deleted file mode 100755 index ddf1124a9..000000000 --- a/base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm +++ /dev/null @@ -1,134 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; - -package PKI::RA::TKSInfoPanel; -$PKI::RA::TKSInfoPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(5); - $self->{"getName"} = &PKI::RA::Common::r("TKS Information"); - $self->{"vmfile"} = "tksinfopanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("TKSInfoPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("TKSInfoPanel: update"); - - my $count = $q->param('urls'); - - my $instanceID = $::config->get("service.instanceID"); - - my $host = ""; - my $https_agent_port = ""; - if ($count =~ /http/) { - my $info = new URI::URL($count); - $host = $info->host; - $https_agent_port = $info->port; - if (($host eq "") || ($https_agent_port eq "")) { - $::symbol{errorString} = "no TKS found. CA, TKS and optionally DRM must be installed prior to RA installation"; - return 0; - } - $::config->put("preop.tksinfo.select", $count); - } else { - $host = $::config->get("preop.securitydomain.tks$count.host"); - $https_agent_port = $::config->get("preop.securitydomain.tks$count.secureagentport"); - if (($host eq "") || ($https_agent_port eq "")) { - $::symbol{errorString} = "no TKS found. CA, TKS and optionally DRM must be installed prior to RA installation"; - return 0; - } - $::config->put("preop.tksinfo.select", "https://$host:$https_agent_port"); - } - my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname"); - $::config->put("conn.tks1.clientNickname", $subsystemCertNickName); - $::config->put("conn.tks1.hostport", $host . ":" . $https_agent_port); - $::config->commit(); - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("TKSInfoPanel: display"); - $::symbol{urls} = []; - my $count = 0; - while (1) { - my $host = $::config->get("preop.securitydomain.tks$count.host"); - if ($host eq "") { - goto DONE; - } - my $https_agent_port = $::config->get("preop.securitydomain.tks$count.secureagentport"); - my $name = $::config->get("preop.securitydomain.tks$count.subsystemname"); - $::symbol{urls}[$count++] = $name . " - https://" . $host . ":" . $https_agent_port; - } -DONE: - $::symbol{urls_size} = $count; - if ($count eq 0) { - $::symbol{errorString} = "no TKS found. CA, TKS and optionally DRM must be installed prior to RA installation"; - return 0; - } - - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/WelcomePanel.pm b/base/ra/lib/perl/PKI/RA/WelcomePanel.pm deleted file mode 100755 index c88c138be..000000000 --- a/base/ra/lib/perl/PKI/RA/WelcomePanel.pm +++ /dev/null @@ -1,90 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::WelcomePanel; -$PKI::RA::WelcomePanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(0); - $self->{"getName"} = &PKI::RA::Common::r("Welcome"); - $self->{"vmfile"} = "welcomepanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("WelcomePanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("WelcomePanel: update"); - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("XXX " . $::config->get("logging.debug.enable")); - &PKI::RA::Wizard::debug_log("WelcomePanel: display"); - $::symbol{wizardname} = "RA Configuration Wizard"; - $::symbol{systemname} = "RA"; - $::symbol{fullsystemname} = "Registration Authority"; - - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/wizard.pm b/base/ra/lib/perl/PKI/RA/wizard.pm deleted file mode 100755 index fe23d62bb..000000000 --- a/base/ra/lib/perl/PKI/RA/wizard.pm +++ /dev/null @@ -1,502 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -# wizard - -# Fedora Certificate System - Registration Authority System configuration wizard - - -# This script is run as a 'mod_perl' CGI. Configure mod_perl by adding -# the following to /etc/httpd/conf.d/perl.conf -# -# PerlModule ModPerl::Registry -# PerlModule Apache::compat -# PerlModule PKI::RA::Wizard -# PerlSetEnv PKI_DOCROOT /u/sparkins/t/cs_tip/certsystem/prj/common/ui -# <Location /wizard> -# SetHandler perl-script -# PerlHandler PKI::RA::Wizard -# Order deny,allow -# Allow from all -# </Location> - - -# Note: The Velocity parser is not very helpful when it comes to -# errors right now. Here are some common errors, and what they mean: -# -# ERROR: -# [Mon Apr 03 13:57:33 2006] [error] [client 172.16.24.26] -# Can't use string ("0") as an ARRAY ref while "strict refs" -# in use at /usr/lib/perl5/site_perl/5.8.5/Template/Velocity.pm -# line 423.\n, referer: http://chico/wizard?p=2 -# MEANING -# This probably means that your *.vm file refers to an array -# variable in a foreach statement that is not defined -# Check your foreach array variables. - -use warnings; -use ModPerl::Registry; -use Template::Velocity; -use Getopt::Std; -use Data::Dumper; -use CGI::Carp qw(fatalsToBrowser); -use CGI; -use APR::Const -compile => qw(:error SUCCESS); -use PKI::RA::GlobalVar; -use PKI::RA::WelcomePanel; -use PKI::RA::SecurityDomainPanel; -use PKI::RA::DisplayCertChainPanel; -use PKI::RA::SubsystemTypePanel; -use PKI::RA::CAInfoPanel; -use PKI::RA::DisplayCertChain2Panel; -use PKI::RA::AdminAuthPanel; -use PKI::RA::AgentAuthPanel; -use PKI::RA::DatabasePanel; -use PKI::RA::ModulePanel; -use PKI::RA::SizePanel; -use PKI::RA::NamePanel; -use PKI::RA::ConfigHSMLoginPanel; -use PKI::RA::CertRequestPanel; -use PKI::RA::AdminPanel; -use PKI::RA::ImportAdminCertPanel; -use PKI::RA::DonePanel; -use PKI::RA::Config; - -use PKI::RA::Common qw(yes no r); - -package PKI::RA::Wizard; -$PKI::RA::Wizard::VERSION = '1.00'; - -# read configuration file -my $flavor = "pki"; -$flavor =~ s/\n//g; - -my $pkiroot = $ENV{PKI_ROOT}; - -my $config = PKI::RA::Config->new(); -$config->load_file("$pkiroot/conf/CS.cfg"); -# read password cache file -my $pwdconf = PKI::RA::Config->new(); -$pwdconf->load_file("$pkiroot/conf/pwcache.conf"); -# SELinux disallows performing a "chmod" on this file -if( $^O ne "linux" ) { - system( "chmod 00660 $pkiroot/conf/pwcache.conf" ); -} - -# create cfg debug log -my $logfile = $config->get("service.instanceDir") . "/logs/debug"; -system( "touch $logfile" ); -system( "chmod 00640 $logfile" ); -open( DEBUG, ">>" . $logfile ) || -warn( "Could not open '" . $logfile . "': $!" ); - -# apache server - -our $debug; - -my $HTTP_OK = 0; - -my $STATUS_OK = 0; # Apache 2 needs this to be zero -my $STATUS_ERROR = 2; -my $STATUS_REDIRECT = 3; - -&debug_log("RA wizard: starting up"); - -my $docroot = $ENV{PKI_DOCROOT}; - -if (! $docroot) { - &debug_log("RA wizard: ERROR: PKI_DOCROOT is null"); - return 0; -} - -our $parser = new Template::Velocity($docroot); -our $symbol; -our @certtags; - -makepanels(); - -&debug_log("RA wizard: start up complete"); - -1; - -sub debug_log -{ - my ($msg) = @_; - my $date = `date`; - chomp($date); - if( -w $logfile ) { - print DEBUG "$date - $msg\n"; - } -} - - # initializes entries in parser's global symbol table for panels -sub makepanels -{ - #REAL PANELS BELOW - my $welcome = new PKI::RA::WelcomePanel(); - my $securitydomain = new PKI::RA::SecurityDomainPanel(); - my $displaycertchain = new PKI::RA::DisplayCertChainPanel(); - my $subsystem = new PKI::RA::SubsystemTypePanel(); - my $cainfopanel = new PKI::RA::CAInfoPanel(); -# my $displaycertchain2 = new PKI::RA::DisplayCertChain2Panel(); - my $databasepanel = new PKI::RA::DatabasePanel(); - my $modulepanel = new PKI::RA::ModulePanel(); - my $confighsmloginpanel = new PKI::RA::ConfigHSMLoginPanel(); - my $sizepanel = new PKI::RA::SizePanel(); - my $namepanel = new PKI::RA::NamePanel(); - my $certrequestpanel = new PKI::RA::CertRequestPanel(); - my $adminpanel = new PKI::RA::AdminPanel(); - my $importadmincertpanel = new PKI::RA::ImportAdminCertPanel(); - my $donepanel = new PKI::RA::DonePanel(); - - $symbol{panels} = [ - $welcome, # com.netscape.cms.servlet.csadmin.WelcomePanel - $securitydomain, # com.netscape.cms.servlet.csadmin.SecurityDomainPanel - $displaycertchain, # com.netscape.cms.servlet.csadmin.DisplayCertChainPanel - $subsystem, # com.netscape.cms.servlet.csadmin.CreateSubsystemPanel - $cainfopanel, # com.netscape.cms.servlet.csadmin.CAInfoPanel -# $displaycertchain2, # com.netscape.cms.servlet.csadmin.DisplayCertChain2Panel - $databasepanel, # com.netscape.cms.servlet.csadmin.DatabasePanel - $modulepanel, # com.netscape.cms.servlet.csadmin.ModulePanel - $confighsmloginpanel, # com.netscape.cms.servlet.csadmin.ConfigHSMLoginPanel - $sizepanel, # com.netscape.cms.servlet.csadmin.SizePanel - $namepanel, # com.netscape.cms.servlet.csadmin.NamePanel - $certrequestpanel, # com.netscape.cms.servlet.csadmin.CertRequestPanel - $adminpanel, # com.netscape.cms.servlet.csadmin.AdminPanel - $importadmincertpanel, # com.netscape.cms.servlet.csadmin.ImportAdminCertPanel - $donepanel, # com.netscape.cms.servlet.csadmin.DonePanel</param-value> - ]; -}; - -sub render_panel -{ - my ($panelnum, $q) = @_; - - $symbol{errorString} = ""; - - my $currentpanel; - - if ($q->param('op') && $q->param('op') eq "next") { - $currentpanel = $symbol{panels}[$panelnum]; - # validate variables for panel - if ($currentpanel->{validate}) { - $currentpanel->{validate}($q); - } - # execute current panel - my $status = "0"; - - if ($currentpanel->{update}) { - $status = $currentpanel->{update}($q); - &debug_log("RA wizard: update returns status '" . - $status . "'"); - if ($status == $STATUS_REDIRECT) { - return $STATUS_REDIRECT; - } - - } - - &debug_log("RA wizard: about to find out about sub panel"); - if ($status eq "1") { - if ($currentpanel->{hasSubPanel} && &{$currentpanel->{hasSubPanel}}($q)) { - &debug_log("RA wizard: has sub panel"); - $panelnum = $panelnum + 2; - } elsif ($currentpanel->{isSubPanel} && &{$currentpanel->{isSubPanel}}($q)) { - &debug_log("RA wizard: is sub panel"); - $panelnum = $panelnum - 1; - } else { - &debug_log("RA wizard: no sub panel and is not subpanel"); - $panelnum = $panelnum + 1; - } - } - } elsif ($q->param('op') && $q->param('op') eq "back") { - $panelnum = $panelnum - 1; - #check if this a subpanel, if so, go back to it's parent. - #only handles one-deep at this point - my $panel = $symbol{panels}[$panelnum]; - if (&{$panel->{isSubPanel}}($q)) { - $panelnum = $panelnum - 1; - } - } elsif ($q->param('op') && $q->param('op') eq "apply") { - &debug_log("RA wizard: update : apply button pressed"); - $currentpanel = $symbol{panels}[$panelnum]; - # validate variables for panel - if ($currentpanel->{validate}) { - $currentpanel->{validate}($q); - } - # execute current panel - if ($currentpanel->{update}) { - my $status = $currentpanel->{update}($q); - &debug_log("RA wizard: update returns status '" . - $status . "'"); - if ($status == $STATUS_REDIRECT) { - return $STATUS_REDIRECT; - } - - } - } - - &debug_log("RA wizard: after looking into about sub panel"); - - # advance to next panel - $currentpanel = $symbol{panels}[$panelnum]; - - # initialize symbol table values - $symbol{showApplyButton} = "false"; - - # fill in variables for new panel - if ($currentpanel->{panelvars}) { - $Data::Dumper::Indent = 1; - # The '&debug_log("q=".Dumper($q));' call must be commented out to fix - # Bugzilla Bug #249923: Incorrect file permissions on - # various files and/or directories - # &debug_log("q=".Dumper($q)); - $currentpanel->{panelvars}($q); - } - - $symbol{panel} = "ra/admin/console/config/".$currentpanel->{vmfile}; - - #wizard.vm: - $symbol{name} = "Registration Authority"; - $symbol{title} = $currentpanel->{getName}(); - if ($panelnum == 0) { - $symbol{firstpanel} = "1"; - } else { - $symbol{firstpanel} = "0"; - } - if ($panelnum == 13) { - $symbol{lastpanel} = "1"; - } else { - $symbol{lastpanel} = "0"; - } - $symbol{p} = $panelnum; - $symbol{subpanelno} = $panelnum+1; - $symbol{productversion} = $::config->get("cms.product.version"); - $symbol{csstate} = "1"; - -# $symbol{urls} = [ "cert1", "cert2" ]; #createsubsystem -# $symbol{urls_size} = 2; -# $symbol{instanceId} = "ra"; -# $symbol{errorString} = ""; - - #modulepanel -# $symbol{certs} = [ ]; -# $symbol{reqscerts} = [ ]; - $symbol{ppcerts} = [ ]; - - return $STATUS_OK; -} - - - -sub dbg { - my $msg = shift; - $::symbol{dbg} .= "$msg\n"; -} - -sub handler { - my $r = shift; - - *::symbol = \%symbol; - *::s = \$s; - *::config = \$config; - *::pwdconf = \$pwdconf; - - &debug_log("RA wizard: in handler"); - - my $q = new CGI; - - # check cookie - my $cookie = $q->cookie('pin'); - my $pin = $::config->get("preop.pin"); - if ($cookie ne $pin) { - print $q->redirect("login"); - return; - } - - # output http parameters - &debug_log("RA wizard: uri='" . $ENV{REQUEST_URI} . "'"); - my @pnames = $q->param(); - foreach $pn (@pnames) { - # added this facility so that password can be hidden, - # all sensitive parameters should be prefixed with - # __ (double underscores); however, in the event that - # a security parameter slips through, we perform multiple - # additional checks to insure that it is NOT displayed - if( $pn =~ /^__/ || - $pn =~ /password$/ || - $pn =~ /passwd$/ || - $pn =~ /pwd$/ || - $pn =~ /admin_password_again/i || - $pn =~ /directoryManagerPwd/i || - $pn =~ /bindpassword/i || - $pn =~ /bindpwd/i || - $pn =~ /passwd/i || - $pn =~ /password/i || - $pn =~ /pin/i || - $pn =~ /pwd/i || - $pn =~ /pwdagain/i || - $pn =~ /uPasswd/i ) { - &debug_log("RA wizard: http parameter name='" . $pn . "' value='(sensitive)'"); - } else { - &debug_log("RA wizard: http parameter name='" . $pn . "' value='" . $q->param($pn) . "'"); - } - } - - my $panelnum = $q->param('p'); - if (!defined($panelnum) || $panelnum eq "") { - # Apache fails to pick up the p parameter after - # redirecting from the security domain. This is - # a quick hack to solve the issue. - if ($ENV{'QUERY_STRING'} ne "") { - $ENV{'QUERY_STRING'} =~ /p=([0-9]+)&/; - $panelnum = $1; - } - } - - use subs qw(debug); - *debug = \&Template::Velocity::Executor::debug; - - $::symbol{dbg} = ""; - - &debug_log("RA wizard: before argparsing"); - if ($#ARGV == -1) { - $Data::Dumper::Maxdepth = 7; - $startfile = "ra/admin/console/config/wizard.vm"; - } - - &debug_log("RA wizard: setting up test objects"); - - #initialize from config file - my $certlist = $::config->get("preop.cert.list"); - if ($certlist eq "") { - $certlist = "sslserver,subsystem"; - } - @certtags = split(/,/, $certlist); - $numtags = @certtags; - if ($numtags eq 0) { - @certtags = ("sslserver", "subsystem"); - } - &debug_log("RA wizard: found $numtags certtags"); - - if (! $panelnum) { - $panelnum = 0; - } - - my $status = render_panel($panelnum, $q); - if ($status == 3) { - $r->header_out(Location => $symbol{redirect}); - $r->status(301); - $r->send_http_header(); - return; - } - - use Data::Dumper; - &debug_log("RA wizard: executing file $startfile"); - foreach $q (sort keys %symbol) { - &debug_log("RA wizard:/config/wizard?p=9&SecToken=NSS%20Generic%20Crypto%20Services sym{$q}=".$symbol{$q}); - } - - my $result; - if ($q->param('xml') && $q->param('xml') eq "true") { - $r->send_http_header('text/xml'); - $result = "<xml>"; - foreach $s (sort keys %symbol) { - if ($s =~ /^__/) { - next; - } - $result .= "<" . $s . ">"; - my $v = $symbol{$s}; - $result .= &get_xml($s, $v); - $result .= "</" . $s . ">"; - } - $result .= "</xml>"; - } else { - $result = $parser->execute_file($startfile); - if (!defined $result) { - die("Couldn't execute template file: $docroot/$startfile"); - } - } - - $r->send_http_header('text/html'); - print "$result\n"; - - return $HTTP_OK; -} - -sub escape_xml -{ - my ($v) = @_; - $v =~ s/\"/"/g; - $v =~ s/\'/'/g; - $v =~ s/\&/&/g; - $v =~ s/</</g; - $v =~ s/>/>/g; - return $v; -} - -sub get_xml -{ - my ($s, $v) = @_; - - my $result; - if (ref($v) eq "HASH") { - foreach my $xkey (keys %$v) { - $result .= "<" . $xkey . ">"; - $result .= &get_xml($xkey, $v{$xkey}); - # $result .= "-" . ref($xkey); - $result .= "</" . $xkey . ">"; - } - } elsif (ref($v) eq "PKI::RA::CertInfo") { - my $certinfo = $v; - $result .= "<certinfo>"; - $result .= "<dn>" . $certinfo->get_dn() ."</dn>"; - $result .= "<tag>" . $certinfo->get_cert_tag() . "</tag>"; - $result .= "<friendly>" . $certinfo->get_user_friendly_name() . - "</friendly>"; - $result .= "</certinfo>"; - } elsif (ref($v) eq "PKI::RA::ReqCertInfo") { - my $reqcertinfo = $v; - $result .= "<reqcertinfo>"; - $result .= "<name>" . $reqcertinfo->get_user_friendly_name() ."</name>"; - $result .= "<req>" . $reqcertinfo->get_request() ."</req>"; - $result .= "<cert>" . $reqcertinfo->get_cert() ."</cert>"; - $result .= "<certpp>" . &escape_xml($reqcertinfo->get_cert_pp()) ."</certpp>"; - $result .= "<tag>" . $reqcertinfo->get_cert_tag() ."</tag>"; - $result .= "<dn>" . $reqcertinfo->get_cert_tag() ."</dn>"; - $result .= "</reqcertinfo>"; - } elsif (ref($v) eq "ARRAY") { - my $pos = 0; - foreach my $item (@$v) { - $result .= "<element>"; - $result .= &get_xml("p" . $pos, $item); - # $result .= "-" . ref($item); - $result .= "</element>"; - $pos++; - } - } else { - $result .= &escape_xml($v); - } - return $result; -} - -1; diff --git a/base/ra/lib/perl/PKI/Request/Plugin/AutoAssign.pm b/base/ra/lib/perl/PKI/Request/Plugin/AutoAssign.pm deleted file mode 100644 index 671f2418d..000000000 --- a/base/ra/lib/perl/PKI/Request/Plugin/AutoAssign.pm +++ /dev/null @@ -1,52 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -####################################### -# This plugins assigns a request to a group. -####################################### -package PKI::Request::Plugin::AutoAssign; - -use DBI; -use PKI::Base::TimeTool; - -####################################### -# Instantiate this plugin -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -####################################### -# Processes plugin -####################################### -sub process { - my ($self, $cfg, $queue, $prefix, $req) = @_; - - my $assignTo = $cfg->get($prefix . ".assignTo"); - $queue->set_request($req->{'rowid'}, "assigned_to", $assignTo); -} - -1; diff --git a/base/ra/lib/perl/PKI/Request/Plugin/CreatePin.pm b/base/ra/lib/perl/PKI/Request/Plugin/CreatePin.pm deleted file mode 100644 index b90096664..000000000 --- a/base/ra/lib/perl/PKI/Request/Plugin/CreatePin.pm +++ /dev/null @@ -1,75 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -####################################### -# This plugins creates a one time pin. -####################################### -package PKI::Request::Plugin::CreatePin; - -use DBI; -use PKI::Base::TimeTool; -use PKI::Base::PinStore; - -####################################### -# Instantiates this plugin -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -####################################### -# Processes plugin -####################################### -sub process { - my ($self, $cfg, $queue, $prefix, $req) = @_; - - my $pin_store = PKI::Base::PinStore->new(); - $pin_store->open($cfg); - - - my $pin_format = $cfg->get($prefix . ".pinFormat"); - - my $client_id = ""; - my $site_id = ""; - - my $data = $req->{'data'}; - foreach $nv (split(/;/, $data)) { - my ($n, $v) = split(/=/, $nv); - $pin_format =~ s/\$$n/$v/g; - } - my $created_by = "admin"; - my $pin = $pin_store->create_pin($pin_format, $req->{'rowid'}, $created_by); - - # save pin to output - $output = "pin=" . $pin; - $queue->set_request_output($req->{'rowid'}, $output); - - $req->{'output'} = $output; - - $pin_store->close(); -} - -1; diff --git a/base/ra/lib/perl/PKI/Request/Plugin/EmailNotification.pm b/base/ra/lib/perl/PKI/Request/Plugin/EmailNotification.pm deleted file mode 100644 index 95274bfa7..000000000 --- a/base/ra/lib/perl/PKI/Request/Plugin/EmailNotification.pm +++ /dev/null @@ -1,100 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -####################################### -# This plugins mails a notification -# to an email specified in the request. -####################################### -package PKI::Request::Plugin::EmailNotification; - -use DBI; -use PKI::Base::TimeTool; - -####################################### -# Instantiate this plugin -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub substitute { - my ($self, $cfg, $queue, $prefix, $req, $line) = @_; - - my $mail_to = $cfg->get($prefix . ".mailTo"); - - # if mail_to starts with $, retrieve value from request - if ($mail_to =~ /^\$/) { - $mail_to =~ s/\$//g; - $mail_to = $req->{$mail_to}; - } - my $machineName = $cfg->get("service.machineName"); - my $securePort = $cfg->get("service.securePort"); - my $unsecurePort = $cfg->get("service.unsecurePort"); - my $nonClientAuthSecurePort = $cfg->get("service.non_clientauth_securePort"); - my $subject_dn = $req->{'subject_dn'}; - - $line =~ s/\$mail_to/$mail_to/g; - $line =~ s/\$request_id/$req->{'rowid'}/g; - $line =~ s/\$machineName/$machineName/g; - $line =~ s/\$securePort/$securePort/g; - $line =~ s/\$unsecurePort/$unsecurePort/g; - $line =~ s/\$subject_dn/$subject_dn/g; - $line =~ s/\$nonClientAuthSecurePort/$nonClientAuthSecurePort/g; - return $line; -} - -####################################### -# Processes plugin -####################################### -sub process { - my ($self, $cfg, $queue, $prefix, $req) = @_; - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $ref = $queue->read_request($req->{rowid}); - - my $req_err = $ref->{errorString}; - if ($req_err ne "0") { - return; - } - - my $mail_to = $cfg->get($prefix . ".mailTo"); - if ($mail_to eq "") { - return; - } - - my $template_dir = $cfg->get($prefix . ".templateDir"); - my $template_file = $cfg->get($prefix . ".templateFile"); - - open(SENDMAIL, "|/usr/sbin/sendmail -t"); - open(F,"$template_dir/$template_file"); - while (<F>) { - print SENDMAIL $self->substitute($cfg, $queue, $prefix, $ref, $_); - } - close(F); - close(SENDMAIL); -} - -1; diff --git a/base/ra/lib/perl/PKI/Request/Plugin/RequestToCA.pm b/base/ra/lib/perl/PKI/Request/Plugin/RequestToCA.pm deleted file mode 100644 index 1c5b7d6b2..000000000 --- a/base/ra/lib/perl/PKI/Request/Plugin/RequestToCA.pm +++ /dev/null @@ -1,89 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -####################################### -# This plugins mails a notification -# to an email specified in the request. -####################################### -package PKI::Request::Plugin::RequestToCA; - -use DBI; -use PKI::Base::TimeTool; -use PKI::Conn::CA; - -####################################### -# Instantiate this plugin -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -####################################### -# Processes plugin -####################################### -sub process { - my ($self, $cfg, $queue, $prefix, $req) = @_; - - my $ca = $cfg->get($prefix . ".ca"); - my $profile_id = $cfg->get($prefix . ".profileId"); - my $req_type = $cfg->get($prefix . ".reqType"); - - my $server_id = ""; - my $site_id = ""; - my $csr = ""; - my $csr_type = ""; - - my $data = $req->{'data'}; - foreach $nv (split(/;/, $data)) { - my ($n, $v) = split(/=/, $nv); - if ($n eq "server_id") { - $server_id = $v; - } - if ($n eq "site_id") { - $site_id = $v; - } - if ($n eq "csr") { - $csr = $v; - } - if ($n eq "csr_type") { - $csr_type = $v; - } - } - - if ($csr_type ne "") { - $req_type = $csr_type; - } - - my $ca_conn = PKI::Conn::CA->new(); - $ca_conn->open($cfg); - my $cert = $ca_conn->enroll($req->{'rowid'}, $ca, $profile_id, $req_type, $csr); - $queue->set_request($req->{'rowid'}, "output", $cert); - $req->{'output'} = $cert; - $ca_conn->close(); - -} - -1; diff --git a/base/ra/lib/perl/PKI/Request/Queue.pm b/base/ra/lib/perl/PKI/Request/Queue.pm deleted file mode 100644 index dc8418d22..000000000 --- a/base/ra/lib/perl/PKI/Request/Queue.pm +++ /dev/null @@ -1,387 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# -package PKI::Request::Queue; - -use DBI; -use PKI::Base::TimeTool; - -####################################### -# Constructs a request queue -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -####################################### -# Opens request queue -####################################### -sub open { - my ($self, $cfg) = @_; - $self->{cfg} = $cfg; - my $dbfile = $cfg->get("database.dbfile"); - $self->{dbh} = DBI->connect("dbi:SQLite:dbname=$dbfile","",""); - my $timeout = $self->{dbh}->func("busy_timeout"); - $self->{dbh}->func($timeout * 10, "busy_timeout"); -} - -####################################### -# Creates a new request -####################################### -sub invoke_plugins { - my ($self, $prefix, $type, $ref) = @_; - - my $num_plugins = $self->{cfg}->get($prefix . ".num_plugins"); - for (my $i = 0; $i < $num_plugins; $i++) { - my $plugin = $self->{cfg}->get($prefix . "." . $i . ".plugin"); - eval("require $plugin"); - my $p = $plugin->new(); - $p->process($self->{cfg}, $self, $prefix . "." . $i, $ref); - } -} - -####################################### -# Creates a new request -####################################### -sub create_request { - my ($self, $type, $data, $meta_info, $created_by) = @_; - my $dbh = $self->{dbh}; - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - - my $insert = "insert into requests (" . - "type" . "," . - "status" . "," . - "errorString" . "," . - "ip" . "," . - "data" . "," . - "serialno" . "," . - "subject_dn" . "," . - "meta_info" . "," . - "created_by" . "," . - "updated_at" . "," . - "created_at" . - ") values (" . - $dbh->quote($type) . "," . - $dbh->quote("OPEN") . "," . - $dbh->quote("0") . "," . - $dbh->quote($ENV{REMOTE_ADDR}) . "," . - $dbh->quote($data) . "," . - $dbh->quote("unavailable") . "," . - $dbh->quote("unavailable") . "," . - $dbh->quote($meta_info) . "," . - $dbh->quote($created_by) . "," . - $dbh->quote($now) . "," . - $dbh->quote($now) . - ")"; -REDO_CREATE_REQUEST: - eval { - $dbh->do($insert); - }; - if ($dbh->err == 5) { - sleep(1); - goto REDO_CREATE_REQUEST; - } - my $rid = $dbh->func('last_insert_rowid'); - - my $ref = $self->read_request($rid); - - # call plugins - my $prefix = "request." . $type . ".create_request"; - $self->invoke_plugins($prefix, $type, $ref); - - return $rid; -} - -####################################### -# Reads a request -####################################### -sub read_request { - my ($self, $reqid) = @_; - my $dbh = $self->{dbh}; - my $select = "select *,rowid from requests " . - "where rowid=" . $dbh->quote($reqid); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -sub read_request_by_roles { - my ($self, $roles, $reqid) = @_; - my $dbh = $self->{dbh}; - - my $select; - if (grep /^administrators/, @$roles) { - # administrator see all requests - $select = "select *,rowid from requests " . - "where rowid=" . $dbh->quote($reqid); - } else { - my $filter = $self->get_role_filter($roles); - $select = "select *,rowid from requests where " . - "(" . $filter . ")" . " AND " . - "rowid=" . $dbh->quote($reqid); - } - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -####################################### -# Sets request attributes -####################################### -sub set_request { - my ($self, $reqid, $name, $value) = @_; - my $dbh = $self->{dbh}; - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - my $update = "update requests set " . - $name . "=" . $dbh->quote($value) . "," . - "updated_at=" . $dbh->quote($now) . " " . - "where rowid=" . $dbh->quote($reqid); -REDO_SET_REQUEST: - eval { - $dbh->do($update); - }; - if ($dbh->err == 5) { - sleep(1); - goto REDO_SET_REQUEST; - } - - my $select = "select *,rowid from requests " . - "where rowid=" . $dbh->quote($reqid); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - - return $ref; -} - -####################################### -# Sets output -####################################### -sub set_request_output { - my ($self, $reqid, $output) = @_; - - return $self->set_request($reqid, "output", $output); -} - -####################################### -# Approves a request -####################################### -sub approve_request { - my ($self, $reqid, $processed_by) = @_; - my $dbh = $self->{dbh}; - - # XXX - check assigned_to - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - my $update = "update requests set " . - "processed_by=" . $dbh->quote($processed_by) . "," . - "status='APPROVED' " . "," . - "errorString='0' " . "," . - "updated_at=" . $dbh->quote($now) . " " . - "where rowid=" . $dbh->quote($reqid); -REDO_APPROVE_REQUEST: - eval { - $dbh->do($update); - }; - if ($dbh->err == 5) { - sleep(1); - goto REDO_APPROVE_REQUEST; - } - - my $select = "select *,rowid from requests " . - "where rowid=" . $dbh->quote($reqid); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - - # call plugins - my $prefix = "request." . $ref->{'type'} . ".approve_request"; - $self->invoke_plugins($prefix, $ref->{'type'}, $ref); - - my $select = "select *,rowid from requests " . - "where rowid=" . $dbh->quote($reqid); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - - return $ref; -} - -####################################### -# Rejects a request -####################################### -sub reject_request { - my ($self, $reqid, $processed_by) = @_; - my $dbh = $self->{dbh}; - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - my $update = "update requests set " . - "processed_by=" . $dbh->quote($processed_by) . "," . - "status='REJECTED' " . "," . - "updated_at=" . $dbh->quote($now) . " " . - "where rowid=" . $dbh->quote($reqid); -REDO_REJECT_REQUEST: - eval { - $dbh->do($update); - }; - if ($dbh->err == 5) { - sleep(1); - goto REDO_REJECT_REQUEST; - } - - my $select = "select *,rowid from requests " . - "where rowid=" . $dbh->quote($reqid); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - - # call plugins - my $prefix = "request." . $ref->{'type'} . ".reject_request"; - $self->invoke_plugins($prefix, $ref->{'type'}, $ref); - - my $select = "select *,rowid from requests " . - "where rowid=" . $dbh->quote($reqid); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - - return $ref; -} - -sub get_role_filter { - my ($self, $roles) = @_; - my $dbh = $self->{dbh}; - - my $filter = ""; - foreach $rr (@$roles) { - if ($filter eq "") { - $filter = "assigned_to=" . $dbh->quote($rr); - } else { - $filter = $filter . " OR " . "assigned_to=" . $dbh->quote($rr); - } - } - return $filter; -} - -####################################### -# Lists requests -####################################### -sub list_requests { - my ($self, $startpos, $maxcount) = @_; - my $dbh = $self->{dbh}; - my $select = "select *,rowid from requests " . - "order by rowid desc " . - "limit $startpos, $maxcount"; - my $sth = $dbh->prepare($select); - $sth->execute(); - my @reqs; - while (my $ref = $sth->fetchrow_hashref()) { - push(@reqs, $ref); - } - $sth->finish(); - return @reqs; -} - -sub count_requests_by_roles { - my ($self, $roles, $status) = @_; - my $dbh = $self->{dbh}; - - my $select; - - if (grep /^administrators$/, @$roles) { - # administrator sees everything - $select = "select count(*) from requests where " . - "status like '$status%' "; - } else { - # shows requests that are owned by the groups - my $filter = $self->get_role_filter($roles); - $select = "select count(*) from requests where " . - "status like '$status%' AND " . - "(" . $filter . ") "; - } - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref->{'count(*)'}; -} - -sub list_requests_by_roles { - my ($self, $roles, $status, $startpos, $maxcount) = @_; - my $dbh = $self->{dbh}; - - my $select; - -# if ($roles =~ /administrators/) { - if (grep /^administrators$/, @$roles) { - # administrator sees everything - $select = "select *,rowid from requests where " . - "status like '$status%' " . - "order by rowid desc " . - "limit $startpos, $maxcount"; - } else { - # shows requests that are owned by the groups - my $filter = $self->get_role_filter($roles); - $select = "select *,rowid from requests where " . - "status like '$status%' AND " . - "(" . $filter . ") " . - "order by rowid desc " . - "limit $startpos, $maxcount"; - } - my $sth = $dbh->prepare($select); - $sth->execute(); - my @reqs; - while (my $ref = $sth->fetchrow_hashref()) { - push(@reqs, $ref); - } - $sth->finish(); - return @reqs; -} - -####################################### -# Closes request queue -####################################### -sub close { - my ($self) = @_; - my $dbh = $self->{dbh}; - $dbh->disconnect(); -} - -1; diff --git a/base/ra/lib/perl/PKI/Service/Op.pm b/base/ra/lib/perl/PKI/Service/Op.pm deleted file mode 100644 index 602f1a29f..000000000 --- a/base/ra/lib/perl/PKI/Service/Op.pm +++ /dev/null @@ -1,290 +0,0 @@ -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package PKI::Service::Op; - -use PKI::Base::UserStore; -use PKI::Base::CertStore; - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub debug_log() -{ - my ($self, $cfg, $msg) = @_; - - my $date = `date`; - chomp($date); - open(DEBUG, ">>" . $cfg->get("logging.debug.filename")); - print DEBUG "$date - $msg\n"; - close(DEBUG); -} - -sub debug_params() -{ - my ($self, $cfg, $q) = @_; - - my $date = `date`; - chomp($date); - $self->debug_log($cfg, "$date - URL '" . $ENV{REQUEST_URI} . "'"); - my @names = $q->param(); - foreach my $k (@names) { - $self->debug_log($cfg, "$date - Param $k='" . $q->param($k) . "'"); - } -} - -sub get_client_certificate() -{ - my ($self) = @_; - - my $user_cert = $ENV{"SSL_CLIENT_CERT"}; - $user_cert =~ s/-----BEGIN CERTIFICATE-----//g; - $user_cert =~ s/-----END CERTIFICATE-----//g; - $user_cert =~ s/\n//g; - - return $user_cert; -} - -sub get_current_uid() -{ - my ($self, $cfg) = @_; - - my $user_cert = $self->get_client_certificate(); - - my $us = PKI::Base::UserStore->new(); - $us->open($cfg); - my $ref = $us->map_user($user_cert); - if (!defined($ref)) { - return ""; - } - $us->close(); - - return $ref->{'uid'}; -} - -sub get_csr_by_cert() -{ - my ($self, $cfg) = @_; - - my $user_cert = $self->get_client_certificate(); - my $cs = PKI::Base::CertStore->new(); - $cs->open($cfg); - my $ref = $cs->map_certificate($user_cert); - if (!defined($ref)) { - return ""; - } - $us->close(); - - return $ref->{'csr'}; -} - -sub get_cert_record() -{ - my ($self, $cfg) = @_; - -$self->debug_log( $cfg, "in get_cert_record"); - my $user_cert = $self->get_client_certificate(); - my $cs = PKI::Base::CertStore->new(); - $cs->open($cfg); - my $ref = $cs->map_certificate($user_cert); - if (!defined($ref)) { -$self->debug_log( $cfg, "in get_cert_record: map_certificate ref none"); - return ""; - } -$self->debug_log( $cfg, "in get_cert_record: got map_certificate ref"); - $cs->close(); - - return $ref; -} - -sub get_current_roles() -{ - my ($self, $cfg) = @_; - - my $uid = $self->get_current_uid($cfg); - my $us = PKI::Base::UserStore->new(); - $us->open($cfg); - my @roles = $us->get_roles($uid); - $us->close(); - - return @roles; -} - -sub get_roles_of() -{ - my ($self, $cfg, $uid) = @_; - - my $us = PKI::Base::UserStore->new(); - $us->open($cfg); - my @roles = $us->get_roles($uid); - $us->close(); - - return @roles; -} - -sub admin_auth() -{ - my ($self, $cfg) = @_; - - my $user_cert = $self->get_client_certificate(); - - # authentication - my $us = PKI::Base::UserStore->new(); - $us->open($cfg); - my $ref = $us->map_user($user_cert); - if (!defined($ref)) { - return 0; - } - my @roles = $us->get_roles($ref->{'uid'}); - $us->close(); - - # authorization - my $authorized_groups = $cfg->get("admin.authorized_groups"); - $self->debug_log( $cfg, "in admin_auth: authorized groups are: $authorized_groups"); - my @authorizedGroups = split(/,/, $authorized_groups); - my $authorized = 0; - foreach my $role (@roles) { - $self->debug_log( $cfg, "in admin_auth: user has group $role"); - if (grep /^$role$/, @authorizedGroups) { - $self->debug_log( $cfg, "in admin_auth: group matched"); - $authorized = 1; - } - } - if (!$authorized) { - $self->debug_log( $cfg, "in admin_auth: no group matched"); - return 0; - } - return 1; -} - -sub agent_auth() -{ - my ($self, $cfg) = @_; - - my $user_cert = $self->get_client_certificate(); - - # authentication - my $us = PKI::Base::UserStore->new(); - $us->open($cfg); - my $ref = $us->map_user($user_cert); - if (!defined($ref)) { - return 0; - } - my @roles = $us->get_roles($ref->{'uid'}); - my $j = join(",", @roles); - $self->debug_log( $cfg, "in agent_auth: $ref->{'uid'} has roles: $j"); - $us->close(); - - # authorization - my $authorized_groups = $cfg->get("agent.authorized_groups"); - $self->debug_log( $cfg, "in agent_auth: authorized groups are: $authorized_groups"); - my @authorizedGroups = split(/,/, $authorized_groups); - my $authorized = 0; - foreach $role (@roles) { - if (grep /^$role$/, @authorizedGroups) { - $self->debug_log( $cfg, "in agent_auth: group matched"); - $authorized = 1; - } - } - if (!$authorized) { - $self->debug_log( $cfg, "in agent_auth: no group matched"); - return 0; - } - return 1; -} - -sub process { - my ($self) = @_; -} - -sub escape_xml -{ - my ($v) = @_; - $v =~ s/\"/"/g; - $v =~ s/\'/'/g; - $v =~ s/\&/&/g; - $v =~ s/</</g; - $v =~ s/>/>/g; - return $v; -} - -sub get_xml -{ - my ($s, $v) = @_; - - my $result; - if (ref($v) eq "HASH") { - foreach my $xkey (keys %$v) { - $result .= "<" . $xkey . ">"; - $result .= &get_xml($xkey, $v{$xkey}); - # $result .= "-" . ref($xkey); - $result .= "</" . $xkey . ">"; - } - } elsif (ref($v) eq "PKI::RA::GlobalVar") { - foreach my $xkey (keys %$v) { - $result .= "<" . $xkey . ">"; - $result .= &get_xml($xkey, $$v{$xkey}->()); - # $result .= "-" . ref($xkey); - $result .= "</" . $xkey . ">"; - } - } elsif (ref($v) eq "ARRAY") { - my $pos = 0; - foreach my $item (@$v) { - $result .= "<element>"; - $result .= &get_xml("p" . $pos, $item); - # $result .= "-" . ref($item); - $result .= "</element>"; - $pos++; - } - } else { - $result .= &escape_xml($v); - } - return $result; -} - -sub xml_output { - my ($self, $c) = @_; - - my $result = "<xml>"; - foreach $s (sort keys %$c) { - if ($s =~ /^__/) { - next; - } - $result .= "<" . $s . ">"; - my $v = $$c{$s}; - $result .= &get_xml($s, $v); - $result .= "</" . $s . ">"; - } - $result .= "</xml>"; - return "$result\n"; -} - -sub execute { - my ($self) = @_; - $self->process(); -} - -1; diff --git a/base/ra/lib/perl/Template/Velocity.pm b/base/ra/lib/perl/Template/Velocity.pm deleted file mode 100755 index 848de65fd..000000000 --- a/base/ra/lib/perl/Template/Velocity.pm +++ /dev/null @@ -1,1099 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; - -package Template::Velocity::Executor; -sub new; - -package Template::Velocity; - - -# The Template::Velocity package implements a Template execution -# engine similar to the Java Velocity package. - -use Parse::RecDescent; -use Data::Dumper; -use Thread::Semaphore; - - -$Template::Velocity::parser; - -our $docroot="docroot"; -our $parser; -my %parsetrees = (); -my $debugflag = 0; -my $semaphore; - - -#GRAMMAR defined here - -my $vmgrammar = q{ - - { - use Data::Dumper; - sub Dumper - { - $::debugdumper = undef; - if ($::debugflag && $::debugdumper ) { return Data::Dumper(@_); } - else {""}; - } - - } - - -# Template is the top-level object - template: <skip:'[ \t]*'> section(s) /\Z/ - - section: blockdirective - | nonblockdirective - | plainline - - blockdirective: ifblock - | foreachblock - - plainline : <skip:''> /[ \t]*/ ...!'#' linecomp(s?) /\n*/ - - HASH: '#' - -# HMM - this doesn't handle multiple variables on one line? - linecomp: variable - | <skip:'[ \t]*'> /[^\$\n]*/ - - nonblockdirective: '#' 'include' <commit> includeargs /\n*/ { $item[4] ; } - | '#' 'parse' <commit> parseargs /\n*/ { $item[4] ; } - | '#' 'set' <commit> setargs /\n*/ { $item[4] ; } - | <error:unknown command $text> - - - ifblock: ifdirective section(s) elseclause(?) enddirective - - -# this bubbles up the result of the expression inside the if() -# which is from the 'ifargs' rule - ifdirective: '#' 'if' <skip:'[ \t]*'> ifargs /\n/ - - enddirective: <skip:'[ \t]*'> '#' 'end' "\n" - - elseclause: elsedirective section(s) - - elsedirective: '#' 'else' "\n" - - foreachblock: foreachdirective section(s) enddirective - - foreachdirective: '#' 'foreach' foreachargs "\n" - - ifargs: '(' expression ')' - | <error:Argument to if must be an expression: $text> - - foreachargs: '(' variablename 'in' variable ')' - | <error:Arguments to 'foreach' must be of form \$a in \$b: $text> - - includeargs: '(' string ')' - | <error:invalid argument to include: $text> - - parseargs: '(' expression ')' - | <error:invalid argument to parsearges: $text> - - - setargs: <skip:'[ \t]*'> '(' assignment ')' - | <error:Argument to set must be an assignment : $text> - - -# expression evaluation - -# this goes roughly in order of precendence: -# == -# &&, || -# +, - -# * -# ! - -# does not properly distinguish between lvalues and rvalues - - - expression: boolean - | <error> - - - assignment: variablename '=' boolean - - boolean: equality (boolean_operator equality)(?) - - boolean_operator: ( '&&' | '||' ) - - equality: summation (equality_operator summation)(?) - - - equality_operator: ( '==' | '!=' ) - - summation: product (summation_operator summation)(?) - - summation_operator: ( '+' | '-' ) - - -# must parenthesize operator '*' to get it to appear in the $item array - - product: negation ('*' product)(?) - -#XXX need to implement - negation: notoperator(?) factor - - notoperator: "!" - - factor: number - | string - | variable - - - -# These rules deal with variables -# handles $process -# $file.executablename -# $process.getpid() -# $person.getparent().getbrother().slap() -# $fred.getchildren() - -# You'd make a dependency on the 'variable' rule if you want the value -# of the variable. -# You'd make a dependency on the 'variablename' rule if you want the -# name of the variable. -# (There's no real difference here - the expression evaluation is -# in the variable() subroutine) - - variable: variablename { ["variable", $item[1][1] ]; } - - variablename: '$' identifier subfield(s?) - { - my $variableinfo = { - top => $item{identifier}, - fields => $item{'subfield(s?)'} - }; - $return = [ "variablename", \$variableinfo ]; - } - - subfield: '.' identifier arglist(?) - { - my $d; - my $a = $item{"arglist(?)"}; - my $args; - - #::debug "arglist = ".Dumper($a)."\n"; - if ($a) { - - my ($argcount, $al, $alpresent); - - #$args = @{$a}->[2]; - $args = $a->[0][2]; - #::debug "arglist args=".Dumper($args)."\n"; - $alpresent = $args; - $argcount = $#$args; - if ($alpresent && $argcount == -1) { - $args->[0] = [ ]; - } - } - - #::debug "arglist identifier=".$item{identifier}."\n"; - $return = [ "subfield", { - fieldname => $item{identifier}, - arglist => $args->[0], - } ]; - } - - arglist: '(' list(?) ')' - - list: expression (',' list)(s?) - - -# Basic data types -# identifiers, numbers and strings - - identifier: /[A-Za-z0-9_]+/ { $item[1]; } - - number: /\d+/ {$item[1]; } - - #XXX skip is all wrong here... should be in [] - string: <skip:'[ \t]'> '"' <skip:""> /[^"]*/ '"' { $return = ["string",$item[4]]; } - | <skip:'[ \t]'> "'" <skip:""> /[^']*/ "'" { $return = ["string",$item[4]]; } - - -# other literals - whitespace: /\s*/ - - -}; - - -# Get a parser object (transforming the built-in text grammar into RecDescent -# data structure). This object can be reused for parsing multiple velocity files -sub new -{ - #$::debugflag = 0; - my $class = shift; - $docroot = shift; - undef $::RD_HINT; - undef $::RD_WARN; - #$::RD_TRACE = 1; - $parser = new Parse::RecDescent($vmgrammar) or die "Bad Grammar\n"; - $semaphore = new Thread::Semaphore; - $Data::Dumper::Maxdepth = 1;; - my $self = {}; - $self->{parser} = $parser; - # ugly - :-( - $Template::Velocity::parser = $parser; - bless $self, $class; - return $self; -} - - -# Execute a template. Given a text string and a parser object, will return -# a parse tree, useful for feeding into the executor. -sub execute_string -{ - my $self = shift; - my $string = shift; - my $rule = shift; - if (! $rule ) { $rule = "template"; } - #print Dumper($self); - - my $parser = $self->{parser}; - my $parsetree = $parser->$rule($string); - my $executor = new Template::Velocity::Executor($parsetree, $parser ); - - my @value = $executor->run(); - #my @value = Template::Velocity::Executor::execute($parsetree, $parser); - my $value = shift @value; - return $value; -} - -sub execute_file_with_context -{ - - my $self = shift; - my $filename = shift; - my $hash = shift; - - # This perl Velocity implementation uses global variable to - # store values that go to the template. This is not thread - # safe and should be fixed in near future. - # - # For this release, we just a lock to prevent the global - # variable (i.e. symbol) being changed by multiple threads - # at the same time. - - $semaphore->down; - my %c = %$hash; - foreach my $h (keys %c) { - $::symbol{$h} = $c{$h}; - } - - my $rule; - my $tree = $parsetrees{$filename}; - - if (! $tree) { - $rule = "template"; - open my $fh, "<$docroot/$filename" or return undef; - my $string = join "",<$fh>; - close $fh; - $tree = $parser->$rule($string); - $parsetrees{$filename} = $tree; - } - - my $executor = new Template::Velocity::Executor($tree, $parser ); - - my @value = $executor->run(); - my $value = shift @value; - - $semaphore->up; - - return $value; - - -} - -sub execute_file -{ - - my $self = shift; - my $filename = shift; - - my $rule; - my $tree = $parsetrees{$filename}; - - if (! $tree) { - $rule = "template"; - open my $fh, "<$docroot/$filename" or return undef; - my $string = join "",<$fh>; - close $fh; - $tree = $parser->$rule($string); - $parsetrees{$filename} = $tree; - } - - my $executor = new Template::Velocity::Executor($tree, $parser ); - - my @value = $executor->run(); - my $value = shift @value; - return $value; - - -} - - - - - - - - -sub Dumper -{ - return ""; - if ($::debugflag && $::debugdumper) { - return Data::Dumper->Dump([@_]); - } - else {""}; -} - - - - -# This autoaction returns an array of each parse element -# The net result is a parse tree -# I couldn't use <autotree> because I wanted to preserve -# the order of the elements, and <autotree> returns a -# hashtable, not an array - -$::RD_AUTOACTION = q{ - [@item]; -}; - -# debug flags set here - - - - - - -######### EXECUTE FUNCTIONS - - -# These functions deal with executing the velocity parse tree -{ - package Template::Velocity::Executor::Rules; - use Data::Dumper; - - # this imports symbols from these other packages, so - # we don't have to always use the fully-qualified names - *exe_all = \&Template::Velocity::Executor::exe_all; - *exe_optional = \&Template::Velocity::Executor::exe_optional; - *execute = \&Template::Velocity::Executor::execute; - *debug = \&Template::Velocity::Executor::debug; - *indent = \&Template::Velocity::Executor::indent; - *deindent = \&Template::Velocity::Executor::deindent; -#XXX probably should be $, not & - *docroot = \&Template::Velocity::docroot; - - sub Dumper - { - return ""; - if ($::debugflag && $::debugdumper) { return Dumper(@_); } - else {""}; - } - - #template: <skip:'[ \t]*'> section(s) /\Z/ - sub template { - my $f = "template"; - my @item = exe_all(@_); - debug ("$::level $f - sections should be an array of text: .".Dumper($item[2])."\n"); - my $sections = $item[2]; - debug ("sections is a: ".(ref $sections)." - it should be an array\n"); - my $r= ( join "", @{$item[2]}); - return $r; - } - - - #linecomp: variable - # | <skip:'[ \t]*'> /[^\$\n]*/ - sub linecomp { - my $item; - debug ("linecomp: _[2] = '".$_[2]."'\n"); - if ($_[2]) { - debug ("linecomp: inside if\n"); - $item = $_[1].$_[2]; - } else { - debug ("linecomp: inside else{\n"); - ($item) = exe_all($_[1]); - debug ("linecomp: end of else}\n"); - debug ("linecomp: item =\n".Dumper($item)."\n"); - } - debug ("linecomp: returning $item\n"); - return $item; - } - - # plainline : <skip:''> /[ \t]*/ ...!'#' linecomp(s?) /\n+/ - sub plainline { - my @item = exe_all(@_); - debug ("$::level in plainline - linecomps should be an array of text: .".Dumper($item[4])."\n"); - my $r = join "", @{$item[4]}; - debug ("$::level in plainline - joined as: $r\n"); - $r = $item[2] . $r. $item[5]; - debug ("$::level in plainline - returning : $r\n"); - return $r; - } - - sub expression { - debug ("$::level expression = ".Dumper($_[1])."\n"); - my ($item) = exe_all($_[1]); - debug ("$::level expression returning $item\n"); - return $item; - } - - #foreachblock: foreachdirective section(s) enddirective - sub foreachblock { - my $f = "foreachblock"; - debug ("$::level $f started!\n"); - my ($directive) = exe_all($_[1]); - debug ("$::level $f directive = \n".Dumper($directive)."\n"); - my ($variable, $list) = @{$directive}; - my $variablename = $$variable->{top}; - debug ("$::level $f variable = $variablename\n"); - debug ("$::level $f list = \n".Dumper($list)."\n"); - - my $result = ""; - foreach my $q (@{$list}) { - debug ("$::level $f q=$q\n"); - $::symbol{$variablename} = $q; - debug ("$::level $f setting variable $variablename = $q\n"); - - my ($sections) = exe_all($_[2]); - debug ("$::level $f sections was: ".Dumper($sections)."\n"); - $result .= join "",@{$sections}; - } - return $result; - } - - #foreachdirective: '#' 'foreach' foreachargs "\n" - sub foreachdirective { - my ($item) = exe_all($_[3]); - return $item; - } - - #foreachargs: '(' variablename 'in' expression ')' - sub foreachargs { - my $f = "foreachargs"; - my ($variable, $list) = exe_all($_[2], $_[4]); - debug ("$::level $f variable = \n".Dumper($variable)."\n"); - debug ("$::level $f list = \n".Dumper($list)."\n"); - return [$variable, $list]; - } - - # XXX if block should only execute section(s) if if arg is positve) - # likewise for else - #ifblock: ifdirective section(s) elseclause(?) enddirective - sub ifblock { - my $f = "ifblock"; - my @item = exe_all(@_); - debug ("$::level $f - sections should be an array of text: .".Dumper($item[2])."\n"); - my $sections = $item[2]; - my $else = $item[3]; - debug ("$::level $f sections is a: ".(ref $sections)." - it should be an array\n"); - debug ("$::level item1: if expression = ".$item[1]."\n"); - debug ("$::level $f elseclause is a: ".(ref $else)." - it should be an scalar\n"); - my $r= ( - $item[1]>0 ? # if expression - (join "", @{$item[2]}) : - ($item[3] ? join "",@{$item[3]} : "") - ); - # this is not quite right ... elseclause returns a scalar (it joins the sections) - # so why do I have to join again here? possibly because it's a '?' - return $r; - } - - #elseclause: elsedirective section(s) - sub elseclause { - my $f = "elseclause"; - my ($sections) = exe_all($_[2]); - debug ("$::level $f sections is a: ".(ref $sections)." - it should be an array\n"); - my $return = join "", @{$sections}; - debug ("$::level $f returning: $return\n"); - return $return; - } - - sub ifargs { - debug ("$::level ifargs [2] = ".Dumper($_[2])."\n"); - my ($item) = exe_all($_[2]); - debug ("$::level item = ".Dumper($item)."\n"); - my $r = $item>0 ? 1 : 0; - debug ("$::level ifargs returning $r\n"); - return $r; - } - - #ifdirective: '#' 'if' <skip:'[ \t]*'> ifargs /\n/ - sub ifdirective { - my ($item) = exe_all($_[4]); - my $r = $item>0 ? 1 : 0; - debug ("$::level ifdirective returning $r\n"); - return $r; - } - - #boolean: equality (boolean_operator equality)(?) - sub boolean { - my $f = "boolean"; - my ($equality, $alt) = ( execute($_[1]), $_[2]); - my $r = $equality; - if (scalar @$alt) { - my ($op, $equality2) = exe_optional($alt, 1,2); - - if ($op eq '&&') { - $r = $equality && $equality2; - } - if ($op eq '||') { - $r = $equality || $equality2; - } - } - - return $r; - } - - - #summation: product (summation_operator summation)(?) - sub summation { - #my @item = exe_all(@_); - my $f = "summation"; - my ($product, $alt) = ( execute($_[1]), $_[2]); - debug("$::level $f - product = $product, alternation = $alt\n"); - debug("$::level $f - alternation = \n".Dumper($alt)."\n"); - - if (scalar @$alt) { - if (0) { - debug("$::level $f - alt1= \n".Dumper($alt->[0][1])."\n"); - debug("$::level $f - alt2= \n".Dumper($alt->[0][2])."\n"); - my ($operator, $summation) = ( execute($alt->[0][1]), execute($alt->[0][2]),); - } - my ($operator, $summation) = exe_optional($alt, 1,2); - - if ($operator eq '+') { return $product + $summation; - } else { return $product - $summation; } - } else { - return $product; - } - } - - - - #equality: summation (equality_operator summation)(?) - sub equality { - my $f = "equality"; - my ($summation, $alt) = ( execute($_[1]), $_[2] ); - - if (scalar @$alt) { - my ($operator, $summation2) = exe_optional($alt, 1,2); - - # string comparison used, so (0.0) is NOT equal to (0) - if ($operator eq '==') { return ($summation eq $summation2) ? 1:0; } - else { return ($summation eq $summation2) ? 0:1; } - } else { - return $summation; - } - } - - - sub product { - my $f = "product"; - my ($negation, $alt) = ( execute($_[1]), $_[2]); - debug("$::level $f negation = $negation, alternation = $alt\n"); - debug("$::level $f - alternation = ".Dumper($alt)."\n"); - - if (scalar @$alt) { - if (0) { - debug("$::level $f - alt1= \n".Dumper($alt->[0][1])."\n"); - debug("$::level $f - alt2= \n".Dumper($alt->[0][2])."\n"); - my ($operator, $product) = ( execute($alt->[0][1]), execute($alt->[0][2]),); - } - my ($operator, $product) = exe_optional($alt,1,2); - return ($negation * $product); - } else { - return $negation; - } - } - - sub factor { - my ($value) = exe_all($_[1]); - return $value; - } - - #negation: notoperator(?) factor - sub negation { - debug ("$::level in negation... input = ".(join ",",@_)."\n"); - #my @item = exe_all(@_); - my ($alt, $value) = ( $_[1], execute($_[2]) ); - debug ("$::level negation: alternation= $alt\n"); - debug ("$::level negation: value = $value\n"); - my $operator = execute($alt->[0][1]); - - my $r; - if ($operator && $operator eq '!') { - if ($value ) { $r = 0; } - else { $r = 1; } - debug ("$::level negation: inverting\n"); - } else { - debug ("$::level negation: not inverting\n"); - $r = $value; - } - debug ("$::level negation: returning $r\n"); - return $r; - } - - #setargs: <skip:'[ \t]*'> '(' assignment ')' - sub setargs { - my $f = "setargs"; - my ($args) = exe_all($_[3]); - debug("$::level $f args = \n".Dumper($args)."\n"); - my ($variable, $value) = @{$args}; - debug("$::level $f variable type =".(ref $variable)."\n"); - debug("$::level $f variable = \n".Dumper($variable)."\n"); - my $symbolname = $$variable->{top}; - debug("$::level $f setting variable '$symbolname' = $value\n"); - $::symbol{$symbolname} = $value; - return ""; - } - - #assignment: variablename '=' boolean - sub assignment { - my $f = "assignment"; - my ($variable, $value) = exe_all($_[1],$_[3]); - debug("$::level $f variable = \n".Dumper($variable)."\n"); - my $r = [ $variable, $value ]; - debug("$::level $f returning: \n".Dumper($r)."\n"); - return $r; - } - - #includeargs: '(' string ')' - sub includeargs { - my $f = "includeargs"; - my ($filename ) = execute($_[2]); - - debug("including file: $filename\n"); - open my $fh, "<$docroot/$filename" or return "filenotfound $docroot/$filename!\n"; - my $file = join "", <$fh>; - close FILE; - - return $file; - } - - sub parseargs { - my $f = "parseargs"; - my ($filename ) = execute($_[2]); - - debug("parsing file: $filename\n"); - - #open my $fh, "<$docroot/$filename" or return "filenotfound $docroot/$filename!\n"; - #my $file = join "", <$fh>; - #close FILE; - - #my $parsetree = $Template::Velocity::parser->template($file); - #my @value = execute($parsetree); - #my $value = shift @value; - - my @value = Template::Velocity::execute_file(undef,$filename); - my $value = shift @value; - - return $value; - } - -# variables - -# variables -# this rule converts a variable name/identifier into its value -# $main.subfield(argument1,argument2).subfield2(arg1,arg2) -# There are two data structures at work here. -# 1. the data structure specifying the variable name to be queried -# this represents $a.b.c(100,9,5,4) -#{ -# 'top' => 'a' -# 'fields' => [ -# { 'fieldname' => 'b', 'arglist' => undef }, -# { 'fieldname' => 'c', 'arglist' => [ '100', 9, 5, '4', ], } -# ], -#} -# 2. Data structure specifying the symbol table - -# return value could be: -# a scalar: either a string/number value or reference to an array of values -# an array - - sub variable { -# look up the root object in the symbol table - my $f = "variable"; - debug("$::level $f: input\n".Dumper(\@_)."\n"); - my $var = $_[1]; - debug("$::level $f var=\n".Dumper($var)."\n"); -# $$var works with # 27: '#set (\$a=1+3)\n\$a\n' -#0 REF(0x8fa0510) -# -> HASH(0x8fa1454) -# 'fields' => ARRAY(0x8fa8c08) -# empty array -# 'top' => 'a' - -# $var works with # 25: '$employee.add(100,4+5,2+3,4,4,5,6)' -#DB<2> x $var -#0 HASH(0x9c7a340) -# 'fields' => ARRAY(0xa06e7d8) -# 0 ARRAY(0xa06e9ac) -# 0 'subfield' -# 1 HASH(0xa06e880) -# 'arglist' => ARRAY(0xa074184) - - my $top = $$var->{top}; # name of the root object - debug("$::level $f top=\n".Dumper($top)."\n"); - my $fields = $$var->{fields}; # array of the subidentifiers - my $val = ""; - - debug("$::level $f - top_id = $top\n"); - debug("$::level $f : var: \n".Dumper($var)."\n"); - debug("$::level $f - fields = \n".Dumper($fields)."\n"); - - - debug("$::level $f : top = ".$top."\n"); - if (! defined $::symbol{$top} ) { -# XXX - debug ("symbol table = ",(join ",",sort keys %::symbol)."\n"); - debug ("undefined variable: $top\n"); - return 0; - } - debug("$::level $f symbol table: \n".Dumper(\%::symbol)."\n"); - $val = $::symbol{$top}; - debug("$::level $f val before: \n".Dumper($val)."\n"); - - debug("$::level $f - fields = \n".Dumper($fields)."\n"); - my $pass = 1; - foreach my $field (@$fields) { - my $args; - - my ($fieldname, $values); - { - debug("$::level $f pass $pass \@_=\n".Dumper(\@_)."\n"); - debug("$::level $f before strip field = \n".Dumper($field)."\n"); -#shift @$fn; # 'subfield' string -#$fn = $fn->[0]; -#$fn = [ (@{$fn}) ]; -#shift @$fn; - debug("$::level $f after strip fn = \n".Dumper($field)."\n"); - - $fieldname = $field->[1]->{fieldname}; - debug("$::level $f processing field: $fieldname\n"); - $args= $field->[1]->{arglist}; - - -# convert the argument list (which could be expressions, other -# variables, etc) into raw values - if ($args) { - debug("$::level $f executing $fieldname with args:\n".Dumper($args)."\n"); - ($values) = execute($args); - debug("$::level $f returned values:\n".Dumper($values)."\n"); - } - } - - debug("$::level $f after execute, \@_=\n".Dumper(\@_)."\n"); - -#call the function - if (ref $val) { - debug("$::level $f : inside loop(before) {\n".Dumper($val)."\n"); - debug("$::level $f : inside loop(before) {\n".Dumper($val)."\n"); - if ($args) { - debug("$::level $f: function call\n"); -#$val = $$val->$fieldname ($args); # method call - my $func = $val->{$fieldname}; # method call - debug("$::level $f: $fieldname func=\n ".Dumper($func)."\n"); - no strict; - $val = &$func($val, @$values); - debug("$::level $f: $fieldname result=$val\n"); - debug("$::level $f: $fieldname result=\n".Dumper($val)."\n"); - - } else { - &::debug("$::level $f: plain field access\n"); - if (ref $val eq "REF") { - $val = $$val->{$fieldname}; # field access - } else { - $val = $val->{$fieldname}; # field access - } - } - debug("$::level $f } inside loop(after val retrieval) val=\n".Dumper($val)."\n"); - } - $pass++; - - } - - return $val; - } - - #$return = [ "variablename", \$variableinfo ]; - sub variablename { - my $f = "variablename"; - debug("$::level $f: input\n".Dumper(\@_)."\n"); - my $var = $_[1]; - return $var; - } - - #arglist: '(' list(?) ')' - sub arglist { - my ($list) = exe_all($_[2]); - debug("$::level list: ".Dumper($list)."\n"); - if ($list) { - my $ll = $list->[0]; - debug("$::level ll \n".Dumper($ll)."\n"); - debug("$::level \$\$list: \n"); - return $ll; - } - return undef; - } - - #list: expression (',' list)(s?) - sub list { - my ($expr, $alt) = ( execute($_[1]), $_[2] ); - - if (scalar @$alt) { - my ($list) = exe_optional($alt, 2); - - debug("$::level list: expr: $expr\n"); - debug("$::level list: list: $list\n:"); - debug("$::level list ".Dumper($list)."\n"); - my $r = [ $expr, (@$list) ]; - return $r; - } - debug("$::level returning simple expression: $expr\n:"); - return [$expr]; - } - - - - sub _default { - debug ("$::level default rule {\n"); - indent(); - debug ("$::level parsing parameters\n"); - my @item = exe_all(@_); - debug ("$::level default rule - last item in array is: ".$item[$#item]."\n"); - my $r = join "",@item[1..$#item]; - debug ("$::level default rule - returning: $r\n"); - deindent(); - debug ("$::level }\n"); - return $r; - - } - - -} - - -package Template::Velocity::Executor; - -use Data::Dumper; - - - -sub new -{ - my $class = shift; - - my $parsetree = shift; - my $parser = shift; - - my $self = {}; - $self->{parser} = $parser; - $self->{parsetree} = $parsetree; - bless $self, $class; - return $self; -} - - -sub run { - my $self = shift; - - return (execute($self->{parsetree})); -} - - - -my $level = " "; - -sub debug { - if ($::debugflag) { - print @_; - } -} - -# This basically all works calling execute($parsetree). -# Execute will look the Parsetree, which is built by a special autoaction -# -# It will call top-down, into functions called 'Executor::XXX', (where XXX is -# the name of the production) -# -# Additional trees, representing child productions, will be passed in -# as arguments to the Executor::XXX function. These arguments be processed -# before the Executor::XXX function can proceed. -# -# If no such function is present, Executor:_default will be run -# -# To process the arguments, use this in the Executor function: -# my @item = exe(@_); -# Which will give you an @item array similar to that in the RD rules, one -# exception being that productions which return arrays are flattened into -# the @item array. (bad idea?) -# - - - -# executes a parsetree (gotten as a result of calling recdescent $parser->rule() -# and returns the string value of the result. - -sub Dumper { - ""; -} - -sub execute { - my $result; - my $tree = shift; # a reference to a tree is passed in - debug "$level execute: {\n"; - indent(); - debug ("$level tree = \n".Dumper($tree)."\n"); - -# there are 3 possible things this tree could be: - -# 1 a scalar .. in which case this rule represents a literal, and the -# the literal is just returned -# -# 2 an array of the form (array, ...) - in which case this is the result of a production -# which returned an array of trees. This happens -# if you specify (s), (?), etc, in a production. -# 3 an array of the form (scalar, ...) - in which case this refers to a subrule -# - -# case 1... - my $type = ref $tree; - if ($type) { - debug "\n$level tree type: ".(ref $tree)." \n"; - } else { - debug "\n$level tree type: scalar \n"; - } - if ($type ne "ARRAY") { - debug "$level returning literal: '$tree'\n"; - deindent(); - debug "$level }\n\n"; - return $tree; - } - - my @result; - -# if this tree is the result of a auto-generated rule (e.g. alternation) -# then tree[0] is not a name.. it is an array. just call the default action with -# the arguments - - my $rule = @{$tree}->[0]; # rule name is first - - if ($rule && ref $rule eq "ARRAY") { # case 2 - debug "$level element[0] is an array (case 2) \n"; - debug "$level contents of input: \n".Dumper(\@{$tree})."\n"; - #@result = exe(@{$rule}); - debug "$level running exe on the array..\n"; - # not sure about this... - @result = (exe_all(@{$tree})); - debug "$level contents of output: \n".Dumper(\@result)."\n"; - #shift @result; # get rid of function name - $result = \@result; - - } else { # case 3 - my @args = @{$tree}; - - debug "$level rule is a function to execute (case 3): '$rule'\n"; - indent(); - my $qr = "Template::Velocity::Executor::Rules::$rule"; - if (defined &$qr) { - no strict ; - $result = (&$qr(@args)); - } else { - debug "$level no function defined for: '$rule' - calling default action\n"; - $result = Template::Velocity::Executor::Rules::_default(@args); - } - } - deindent(); - debug "$level function: $rule returned=\n".Dumper($result)."\n"; - - debug "$level }\n"; - return $result; - - } - -# these hold and set the current indent level. It's only used for nested debug messages -sub indent { - if (!$debugflag) { return; } - $level .= " "; - $Data::Dumper::Pad = $level." "; -} -sub deindent { - if (!$debugflag) { return; } - $level = substr ($level,0,-2); - $Data::Dumper::Pad = $level." "; -} - - -sub exe_optional { - my @r; - my $f = shift; - foreach my $q (@_) { - debug("$level: getting arg# $q\n"); - push @r, execute($f->[0][$q]); - } - return @r; -} - -# exe: for each argument, run the 'execute' function -# - -sub exe_all { - my $d = $Data::Dumper::Maxdepth; - $Data::Dumper::Maxdepth = 9; - debug "\n$level exe_all (".$_[0].") arguments: {\n".Dumper(\@_)." \n"; - my @r; - indent(); - - foreach my $i (@_) { - push @r, execute($i); - } - deindent(); - debug "$level exe_all: returning: \n".Dumper(\@r)."$level}\n\n"; - $Data::Dumper::Maxdepth = $d; - return @r; -} - - - - - -#package PKI::RA::GlobalVar; - -#sub new { my $self = {}; bless $self; return $self; } - - -1; - diff --git a/base/ra/lib/systemd/system/pki-rad.target b/base/ra/lib/systemd/system/pki-rad.target deleted file mode 100644 index e1a4f808e..000000000 --- a/base/ra/lib/systemd/system/pki-rad.target +++ /dev/null @@ -1,6 +0,0 @@ -[Unit] -Description=PKI Registration Authority Server -After=syslog.target network.target - -[Install] -WantedBy=multi-user.target diff --git a/base/ra/lib/systemd/system/pki-rad@.service b/base/ra/lib/systemd/system/pki-rad@.service deleted file mode 100644 index 5432c62b2..000000000 --- a/base/ra/lib/systemd/system/pki-rad@.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=PKI Registration Authority Server %i -After=pki-rad.target -BindTo=pki-rad.target - -[Service] -Type=forking -ExecStart=/usr/bin/pkicontrol start ra %i -ExecStop=/usr/bin/pkicontrol stop ra %i - -[Install] -WantedBy=multi-user.target diff --git a/base/ra/scripts/nss_pcache b/base/ra/scripts/nss_pcache deleted file mode 100755 index c1f6b6c31..000000000 --- a/base/ra/scripts/nss_pcache +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/bash -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -# Check to insure that this script's original invocation directory -# has not been deleted! -CWD=`/bin/pwd > /dev/null 2>&1` -if [ $? -ne 0 ] ; then - echo "Cannot invoke '$0' from non-existent directory!" - exit 255 -fi - -OS=`uname -s` - -if [ $OS = "Linux" ]; then - PLATFORM=`arch` - if [ $PLATFORM = "i686" ]; then - # 32-bit Linux - LD_LIBRARY_PATH=/usr/lib/dirsec:/usr/lib:$LD_LIBRARY_PATH - elif [ $PLATFORM = "x86_64" ]; then - # 64-bit Linux - LD_LIBRARY_PATH=/usr/lib64/dirsec:/usr/lib64:/usr/lib:$LD_LIBRARY_PATH - fi - export LD_LIBRARY_PATH -elif [ $OS = "SunOS" ]; then - PLATFORM=`uname -p` - if [ "${PLATFORM}" = "sparc" ] && - [ -d "/usr/lib/sparcv9/" ] ; then - PLATFORM="sparcv9" - fi - if [ $PLATFORM = "sparc" ]; then - # 32-bit Solaris - LD_LIBRARY_PATH=/usr/lib/dirsec:/usr/lib:$LD_LIBRARY_PATH - elif [ $PLATFORM = "sparcv9" ]; then - # 64-bit Solaris - LD_LIBRARY_PATH=/usr/lib/sparcv9/dirsec:/usr/lib/sparcv9:/usr/lib/dirsec:/usr/lib:$LD_LIBRARY_PATH - fi - export LD_LIBRARY_PATH -fi - -FORTITUDE_DIR=/usr/sbin -if [ $OS = "SunOS" ]; then - FORTITUDE_DIR=/opt/fortitude/bin -fi - -$FORTITUDE_DIR/nss_pcache $@ diff --git a/base/ra/scripts/schema.sql b/base/ra/scripts/schema.sql deleted file mode 100644 index 18fd8a39c..000000000 --- a/base/ra/scripts/schema.sql +++ /dev/null @@ -1,33 +0,0 @@ -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# sql schema -# -CREATE TABLE requests ( type TEXT, ip TEXT, note TEXT, data TEXT, output TEXT, serialno TEXT, subject_dn TEXT, meta_info TEXT, status TEXT, errorString TEXT, processed_by TEXT, assigned_to TEXT, updated_at TEXT, created_at TEXT, created_by TEXT ) -CREATE TABLE users ( uid TEXT, name TEXT, password TEXT, email TEXT, certificate TEXT, created_at TEXT, created_by TEXT ) -CREATE TABLE groups ( gid TEXT, name TEXT, created_at TEXT, created_by TEXT ) -CREATE TABLE roles ( uid TEXT, gid TEXT ) -CREATE TABLE pins ( key TEXT, pin TEXT, rid TEXT, created_at TEXT, created_by TEXT ) -CREATE TABLE certificates ( rid TEXT, csr TEXT, subject_dn TEXT, certificate TEXT, serialno TEXT, approved_by TEXT, created_at TEXT ) -# -# add defaults -# -INSERT INTO groups (gid, name) values ('administrators','Administrators'); -INSERT INTO groups (gid, name) values ('agents','Agents'); diff --git a/base/ra/setup/CMakeLists.txt b/base/ra/setup/CMakeLists.txt deleted file mode 100644 index 0e81ca150..000000000 --- a/base/ra/setup/CMakeLists.txt +++ /dev/null @@ -1,7 +0,0 @@ -install( - FILES - pkidaemon_registry - registry_instance - DESTINATION - ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/setup -) diff --git a/base/ra/setup/pkidaemon_registry b/base/ra/setup/pkidaemon_registry deleted file mode 100644 index d0377ebbf..000000000 --- a/base/ra/setup/pkidaemon_registry +++ /dev/null @@ -1,119 +0,0 @@ -# Establish PKI Variable "Slot" Substitutions - -PKI_WEB_SERVER_TYPE=[PKI_WEB_SERVER_TYPE] -export PKI_WEB_SERVER_TYPE - -PKI_SUBSYSTEM_TYPE=[PKI_SUBSYSTEM_TYPE] -export PKI_SUBSYSTEM_TYPE - -PKI_USER=[PKI_USER] -export PKI_USER - -PKI_GROUP=[PKI_GROUP] -export PKI_GROUP - -PKI_INSTANCE_NAME=[PKI_INSTANCE_NAME] -export PKI_INSTANCE_NAME - -PKI_INSTANCE_PATH=[PKI_INSTANCE_PATH] -export PKI_INSTANCE_PATH - -PKI_INSTANCE_INITSCRIPT=[PKI_INSTANCE_INITSCRIPT] -export PKI_INSTANCE_INITSCRIPT - -PKI_HTTPD_CONF=[HTTPD_CONF] -export PKI_HTTPD_CONF - -PKI_INSTANCE_PATH=[PKI_INSTANCE_PATH] -export PKI_INSTANCE_PATH - -PKI_SYSTEM_USER_LIBRARIES=[SYSTEM_USER_LIBRARIES] -export PKI_SYSTEM_USER_LIBRARIES - -PKI_FORTITUDE_DIR=[FORTITUDE_DIR] -export PKI_FORTITUDE_DIR - -PKI_NSS_CONF=[NSS_CONF] -export PKI_NSS_CONF - -PKI_HOSTNAME=[PKI_HOSTNAME] -export PKI_HOSTNAME - -PKI_LOCK_FILE="[PKI_LOCKDIR]/${PKI_INSTANCE_NAME}.pid" -export PKI_LOCK_FILE - -PKI_PID_FILE="[PKI_PIDDIR]/${PKI_INSTANCE_NAME}.pid" -export PKI_PID_FILE - -PKI_SELINUX_TYPE="pki_ra_t" -export PKI_SELINUX_TYPE - -pki_instance_configuration_file=${PKI_INSTANCE_PATH}/conf/CS.cfg -export pki_instance_configuration_file - -RESTART_SERVER=${PKI_INSTANCE_PATH}/conf/restart_server_after_configuration -export RESTART_SERVER - -######################################################################## -# This section contains modified content of "/etc/sysconfig/httpd" # -######################################################################## -# Configuration file for the ${PKI_INSTANCE_NAME} service. - -# -# The default processing model (MPM) is the process-based -# 'prefork' model. A thread-based model, 'worker', is also -# available, but does not work with some modules (such as PHP). -# The service must be stopped before changing this variable. -# -PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd -export PKI_HTTPD - -# -# To pass additional options (for instance, -D definitions) to the -# httpd binary at startup, set PKI_OPTIONS here. -# -PKI_OPTIONS="-f ${PKI_HTTPD_CONF}" -export PKI_OPTIONS - -# -# By default, the httpd process is started in the C locale; to -# change the locale in which the server runs, the PKI_HTTPD_LANG -# variable can be set. -# -PKI_HTTPD_LANG=C -export PKI_HTTPD_LANG -######################################################################## -# # -######################################################################## - -# This will prevent initlog from swallowing up a pass-phrase prompt if -# mod_ssl needs a pass-phrase from the user. -PKI_INITLOG_ARGS="" -export PKI_INITLOG_ARGS - -# Set PKI_HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server -# with the thread-based "worker" MPM; BE WARNED that some modules may not -# work correctly with a thread-based MPM; notably PHP will refuse to start. - -# Path to the server binary and short-form for messages. -httpd=${PKI_HTTPD} -export httpd - -pki_logs_directory=${PKI_INSTANCE_PATH}/logs -export pki_logs_directory - -# see if httpd is linked with the openldap libraries - we need to override -# their use of OpenSSL -if [ ${OS} = "Linux" ]; then - hasopenldap=0 - - /usr/bin/ldd ${httpd} 2>&1 | grep libldap- > /dev/null 2>&1 && hasopenldap=1 - - if [ ${hasopenldap} -eq 1 ] ; then - LD_PRELOAD="${PKI_SYSTEM_USER_LIBRARIES}/libssl3.so:${LD_PRELOAD}" - export LD_PRELOAD - fi -elif [ ${OS} = "SunOS" ]; then - LD_PRELOAD_64="${PKI_SYSTEM_USER_LIBRARIES}/dirsec/libssl3.so:${LD_PRELOAD_64}" - export LD_PRELOAD_64 -fi diff --git a/base/ra/setup/registry_instance b/base/ra/setup/registry_instance deleted file mode 100644 index b84fea379..000000000 --- a/base/ra/setup/registry_instance +++ /dev/null @@ -1,116 +0,0 @@ -# Establish PKI Variable "Slot" Substitutions - -PKI_SUBSYSTEM_TYPE=[PKI_SUBSYSTEM_TYPE] -export PKI_SUBSYSTEM_TYPE - -PKI_USER=[PKI_USER] -export PKI_USER - -PKI_GROUP=[PKI_GROUP] -export PKI_GROUP - -PKI_INSTANCE_NAME=[PKI_INSTANCE_NAME] -export PKI_INSTANCE_NAME - -PKI_INSTANCE_PATH=[PKI_INSTANCE_PATH] -export PKI_INSTANCE_PATH - -PKI_INSTANCE_INITSCRIPT=[PKI_INSTANCE_INITSCRIPT] -export PKI_INSTANCE_INITSCRIPT - -PKI_HTTPD_CONF=[HTTPD_CONF] -export PKI_HTTPD_CONF - -PKI_INSTANCE_PATH=[PKI_INSTANCE_PATH] -export PKI_INSTANCE_PATH - -PKI_SYSTEM_USER_LIBRARIES=[SYSTEM_USER_LIBRARIES] -export PKI_SYSTEM_USER_LIBRARIES - -PKI_FORTITUDE_DIR=[FORTITUDE_DIR] -export PKI_FORTITUDE_DIR - -PKI_NSS_CONF=[NSS_CONF] -export PKI_NSS_CONF - -PKI_HOSTNAME=[PKI_HOSTNAME] -export PKI_HOSTNAME - -PKI_LOCK_FILE="[PKI_LOCKDIR]/${PKI_INSTANCE_NAME}.pid" -export PKI_LOCK_FILE - -PKI_PID_FILE="[PKI_PIDDIR]/${PKI_INSTANCE_NAME}.pid" -export PKI_PID_FILE - -PKI_SELINUX_TYPE="pki_ra_t" -export PKI_SELINUX_TYPE - -pki_instance_configuration_file=${PKI_INSTANCE_PATH}/conf/CS.cfg -export pki_instance_configuration_file - -RESTART_SERVER=${PKI_INSTANCE_PATH}/conf/restart_server_after_configuration -export RESTART_SERVER - -######################################################################## -# This section contains modified content of "/etc/sysconfig/httpd" # -######################################################################## -# Configuration file for the ${PKI_INSTANCE_NAME} service. - -# -# The default processing model (MPM) is the process-based -# 'prefork' model. A thread-based model, 'worker', is also -# available, but does not work with some modules (such as PHP). -# The service must be stopped before changing this variable. -# -PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd -export PKI_HTTPD - -# -# To pass additional options (for instance, -D definitions) to the -# httpd binary at startup, set PKI_OPTIONS here. -# -PKI_OPTIONS="-f ${PKI_HTTPD_CONF}" -export PKI_OPTIONS - -# -# By default, the httpd process is started in the C locale; to -# change the locale in which the server runs, the PKI_HTTPD_LANG -# variable can be set. -# -PKI_HTTPD_LANG=C -export PKI_HTTPD_LANG -######################################################################## -# # -######################################################################## - -# This will prevent initlog from swallowing up a pass-phrase prompt if -# mod_ssl needs a pass-phrase from the user. -PKI_INITLOG_ARGS="" -export PKI_INITLOG_ARGS - -# Set PKI_HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server -# with the thread-based "worker" MPM; BE WARNED that some modules may not -# work correctly with a thread-based MPM; notably PHP will refuse to start. - -# Path to the server binary and short-form for messages. -httpd=${PKI_HTTPD} -export httpd - -pki_logs_directory=${PKI_INSTANCE_PATH}/logs -export pki_logs_directory - -# see if httpd is linked with the openldap libraries - we need to override -# their use of OpenSSL -if [ ${OS} = "Linux" ]; then - hasopenldap=0 - - /usr/bin/ldd ${httpd} 2>&1 | grep libldap- > /dev/null 2>&1 && hasopenldap=1 - - if [ ${hasopenldap} -eq 1 ] ; then - LD_PRELOAD="${PKI_SYSTEM_USER_LIBRARIES}/libssl3.so:${LD_PRELOAD}" - export LD_PRELOAD - fi -elif [ ${OS} = "SunOS" ]; then - LD_PRELOAD_64="${PKI_SYSTEM_USER_LIBRARIES}/dirsec/libssl3.so:${LD_PRELOAD_64}" - export LD_PRELOAD_64 -fi |