Diffstat (limited to 'base/server')
-rw-r--r--base/server/etc/default.cfg22
-rw-r--r--base/server/scripts/operations21
-rw-r--r--base/server/src/engine/pkiconfig.py10
-rw-r--r--base/server/src/engine/pkihelper.py6
-rw-r--r--base/server/src/engine/pkiparser.py12
-rwxr-xr-xbase/server/src/pkidestroy4
-rwxr-xr-xbase/server/src/pkispawn4
-rw-r--r--base/server/src/scriptlets/configuration.py9
-rw-r--r--base/server/src/scriptlets/webapp_deployment.py3
9 files changed, 63 insertions, 28 deletions
diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg
index b2af83857..b67b6670e 100644
--- a/base/server/etc/default.cfg
+++ b/base/server/etc/default.cfg
@@ -189,13 +189,13 @@ pki_subsystem_registry_path=%(pki_instance_registry_path)s/%(pki_subsystem_type)
## Tomcat Configuration: ##
## ##
## Values in this section are common to PKI subsystems that run ##
-## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ##
+## as an instance of 'Tomcat' (CA, KRA, OCSP, TKS, and TPS subsystems ##
## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ##
## required information which MAY be overridden by users as necessary. ##
## ##
## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ##
-## or a 'TKS Clone', change the value of 'pki_clone' ##
-## from 'False' to 'True'. ##
+## a 'TKS Clone', or a 'TPS Clone', change the value of ##
+## 'pki_clone' from 'False' to 'True'. ##
## ##
## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
## are MUTUALLY EXCLUSIVE entities!!! ##
@@ -334,6 +334,8 @@ pki_ocsp_jar=/usr/share/java/pki/pki-ocsp.jar
pki_ocsp_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-ocsp.jar
pki_tks_jar=/usr/share/java/pki/pki-tks.jar
pki_tks_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-tks.jar
+pki_tps_jar=/usr/share/java/pki/pki-tps.jar
+pki_tps_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-tps.jar
@@ -525,6 +527,20 @@ pki_subsystem_subject_dn=cn=TKS Subsystem Certificate,o=%(pki_security_domain_na
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[TPS]
+pki_import_admin_cert=True
+pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
+pki_admin_name=%(pki_admin_uid)s
+pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
+pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
+pki_admin_uid=tpsadmin
+pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_name)s TPS
+pki_audit_signing_subject_dn=cn=TPS Audit Signing Certificate,o=%(pki_security_domain_name)s
+pki_ds_base_dn=o=%(pki_instance_name)s-TPS
+pki_ds_database=%(pki_instance_name)s-TPS
+pki_ds_hostname=%(pki_hostname)s
+pki_subsystem_name=TPS %(pki_hostname)s %(pki_https_port)s
+pki_subsystem_nickname=subsystemCert cert-%(pki_instance_name)s TPS
+pki_subsystem_subject_dn=cn=TPS Subsystem Certificate,o=%(pki_security_domain_name)s
# Paths
# These are used in the processing of pkispawn and are not supposed
diff --git a/base/server/scripts/operations b/base/server/scripts/operations
index 2a07802f8..93d3bda90 100644
--- a/base/server/scripts/operations
+++ b/base/server/scripts/operations
@@ -1080,11 +1080,13 @@ verify_symlinks()
declare -A kra_symlinks
declare -A ocsp_symlinks
declare -A tks_symlinks
+ declare -A tps_symlinks
declare -A common_jar_symlinks
declare -A ca_jar_symlinks
declare -A kra_jar_symlinks
declare -A ocsp_jar_symlinks
declare -A tks_jar_symlinks
+ declare -A tps_jar_symlinks
declare -A systemd_symlinks
# Dogtag 10 Conditional Variables
@@ -1104,6 +1106,7 @@ verify_symlinks()
pki_kra_jar_dir="${PKI_INSTANCE_PATH}/webapps/kra/WEB-INF/lib"
pki_ocsp_jar_dir="${PKI_INSTANCE_PATH}/webapps/ocsp/WEB-INF/lib"
pki_tks_jar_dir="${PKI_INSTANCE_PATH}/webapps/tks/WEB-INF/lib"
+ pki_tps_jar_dir="${PKI_INSTANCE_PATH}/webapps/tps/WEB-INF/lib"
# '${PKI_INSTANCE_PATH}' symlinks
base_symlinks=(
@@ -1187,6 +1190,24 @@ verify_symlinks()
[pki-nsutil.jar]=${java_dir}/pki/pki-nsutil.jar
[pki-tks.jar]=${java_dir}/pki/pki-tks.jar)
+ # '${PKI_INSTANCE_PATH}/tps' symlinks
+ tps_symlinks=(
+ [alias]=${PKI_INSTANCE_PATH}/alias
+ [conf]=/etc/pki/${PKI_INSTANCE_NAME}/tps
+ [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/tps
+ [registry]=${pki_registry_dir}
+ [webapps]=${PKI_INSTANCE_PATH}/webapps)
+
+ # '${pki_tps_jar_dir}' symlinks
+ tps_jar_symlinks=(
+ [pki-certsrv.jar]=${java_dir}/pki/pki-certsrv.jar
+ [pki-cms.jar]=${java_dir}/pki/pki-cms.jar
+ [pki-cmsbundle.jar]=${java_dir}/pki/pki-cmsbundle.jar
+ [pki-cmscore.jar]=${java_dir}/pki/pki-cmscore.jar
+ [pki-cmsutil.jar]=${java_dir}/pki/pki-cmsutil.jar
+ [pki-nsutil.jar]=${java_dir}/pki/pki-nsutil.jar
+ [pki-tps.jar]=${java_dir}/pki/pki-tps.jar)
+
# '${pki_common_jar_dir}' symlinks
common_jar_symlinks=(
[apache-commons-codec.jar]=${java_dir}/commons-codec.jar
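Review bot: Nothing in this file reads the new `tps_symlinks` and `tps_jar_symlinks` arrays: the diffstat counts 21 changed lines for `operations`, and the three hunks here account for all of them (two `declare -A` lines, `pki_tps_jar_dir`, and the two array bodies). Unless the checking part of `verify_symlinks` selects its arrays by subsystem name, the links of a TPS instance under `${PKI_INSTANCE_PATH}/tps` and `${pki_tps_jar_dir}` are declared but never compared with their expected targets, so a link repointed at a different jar would go unreported. The checking code lies outside these hunks; if it has one branch per subsystem, it needs a TPS branch next to the TKS one.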
diff --git a/base/server/src/engine/pkiconfig.py b/base/server/src/engine/pkiconfig.py
index 3a3a7df18..6a86de087 100644
--- a/base/server/src/engine/pkiconfig.py
+++ b/base/server/src/engine/pkiconfig.py
@@ -39,15 +39,15 @@ PKI_DEPLOYMENT_DEFAULT_USER = "pkiuser"
PKI_SUBSYSTEMS = ["CA","KRA","OCSP","RA","TKS","TPS"]
PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS","TPS"]
-PKI_APACHE_SUBSYSTEMS = ["RA","TPS"]
-PKI_TOMCAT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS"]
+PKI_APACHE_SUBSYSTEMS = ["RA"]
+PKI_TOMCAT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS", "TPS"]
PKI_BASE_RESERVED_NAMES = ["alias", "bin", "ca", "common", "conf", "kra",
- "lib", "logs", "ocsp", "temp", "tks", "webapps",
+ "lib", "logs", "ocsp", "temp", "tks", "tps", "webapps",
"work"]
PKI_CONFIGURATION_RESERVED_NAMES = ["CA", "java", "nssdb", "rpm-gpg",
"rsyslog", "tls"]
-PKI_APACHE_REGISTRY_RESERVED_NAMES = ["ra", "tps"]
-PKI_TOMCAT_REGISTRY_RESERVED_NAMES = ["ca", "kra", "ocsp", "tks"]
+PKI_APACHE_REGISTRY_RESERVED_NAMES = ["ra"]
+PKI_TOMCAT_REGISTRY_RESERVED_NAMES = ["ca", "kra", "ocsp", "tks", "tps"]
PKI_INDENTATION_LEVEL_0 = {'indent' : ''}
PKI_INDENTATION_LEVEL_1 = {'indent' : '... '}
diff --git a/base/server/src/engine/pkihelper.py b/base/server/src/engine/pkihelper.py
index 9c775f65d..8ca83be67 100644
--- a/base/server/src/engine/pkihelper.py
+++ b/base/server/src/engine/pkihelper.py
@@ -520,7 +520,7 @@ class configuration_file:
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_clone_pkcs12_password",
master['pki_user_deployment_cfg']))
# Verify existence of Security Domain Password File
- # (ONLY for Clones, KRA, OCSP, TKS, or Subordinate CA)
+ # (ONLY for Clones, KRA, OCSP, TKS, TPS, or Subordinate CA)
if config.str2bool(master['pki_clone']) or\
not master['pki_subsystem'] == "CA" or\
config.str2bool(master['pki_subordinate']):
@@ -3169,7 +3169,7 @@ class config_client:
config.str2bool(master['pki_clone']) or\
config.str2bool(master['pki_subordinate']):
# PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS,
- # CA Clone, KRA Clone, OCSP Clone, TKS Clone, or
+ # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, or
# Subordinate CA
self.set_existing_security_domain(data)
else:
@@ -3399,7 +3399,7 @@ class config_client:
config.str2bool(master['pki_subordinate']) or\
config.str2bool(master['pki_external']):
# PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS,
- # CA Clone, KRA Clone, OCSP Clone, TKS Clone,
+ # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone,
# Subordinate CA, or External CA
data.issuingCA = master['pki_issuing_ca']
if master['pki_subsystem'] == "CA" and\
diff --git a/base/server/src/engine/pkiparser.py b/base/server/src/engine/pkiparser.py
index 8c9b6d620..340780204 100644
--- a/base/server/src/engine/pkiparser.py
+++ b/base/server/src/engine/pkiparser.py
@@ -880,9 +880,9 @@ class PKIConfigParser:
# 'Subsystem Name' Configuration name/value pairs
# 'Token' Configuration name/value pairs
#
- # Apache - [RA], [TPS]
- # Tomcat - [CA], [KRA], [OCSP], [TKS]
- # - [CA Clone], [KRA Clone], [OCSP Clone], [TKS Clone]
+ # Apache - [RA]
+ # Tomcat - [CA], [KRA], [OCSP], [TKS], [TPS]
+ # - [CA Clone], [KRA Clone], [OCSP Clone], [TKS Clone], [TPS Clone]
# - [External CA]
# - [Subordinate CA]
#
@@ -932,7 +932,7 @@ class PKIConfigParser:
config.str2bool(config.pki_master_dict['pki_clone']) or\
config.str2bool(config.pki_master_dict['pki_subordinate']):
# PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS,
- # CA Clone, KRA Clone, OCSP Clone, TKS Clone, or
+ # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, or
# Subordinate CA
config.pki_master_dict['pki_security_domain_type'] = "existing"
config.pki_master_dict['pki_security_domain_uri'] =\
@@ -964,8 +964,8 @@ class PKIConfigParser:
# 'Backup' Configuration name/value pairs
#
- # Apache - [RA], [TPS]
- # Tomcat - [CA], [KRA], [OCSP], [TKS]
+ # Apache - [RA]
+ # Tomcat - [CA], [KRA], [OCSP], [TKS], [TPS]
# - [External CA]
# - [Subordinate CA]
#
diff --git a/base/server/src/pkidestroy b/base/server/src/pkidestroy
index 4e23445f1..1e3f7f578 100755
--- a/base/server/src/pkidestroy
+++ b/base/server/src/pkidestroy
@@ -129,8 +129,8 @@ def main(argv):
# -s <subsystem>
if args.pki_subsystem is None:
interactive = True
- config.pki_subsystem = parser.read_text('Subsystem (CA/KRA/OCSP/TKS)',
- options=['CA', 'KRA', 'OCSP', 'TKS'],
+ config.pki_subsystem = parser.read_text('Subsystem (CA/KRA/OCSP/TKS/TPS)',
+ options=['CA', 'KRA', 'OCSP', 'TKS', 'TPS'],
default='CA', caseSensitive=False).upper()
else:
config.pki_subsystem = str(args.pki_subsystem).strip('[\']')
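Review bot: The subsystem list passed to `read_text` is another hand-maintained copy of what `pkiconfig.py` defines as `PKI_TOMCAT_SUBSYSTEMS` in this same commit, and the identical two lines are repeated in `pkispawn`. Assuming `config` here is that module, both arguments can be derived from the constant, e.g. `options=config.PKI_TOMCAT_SUBSYSTEMS` and `'Subsystem (%s)' % '/'.join(config.PKI_TOMCAT_SUBSYSTEMS)`, so the prompts cannot drift the next time a subsystem changes container. The `else` branch uses `args.pki_subsystem` as given; whether `-s` is restricted to the same set is decided where the option is defined, outside this hunk.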
diff --git a/base/server/src/pkispawn b/base/server/src/pkispawn
index 65ee17f50..b05db4760 100755
--- a/base/server/src/pkispawn
+++ b/base/server/src/pkispawn
@@ -129,8 +129,8 @@ def main(argv):
interactive = True
parser.indent = 0
- config.pki_subsystem = parser.read_text('Subsystem (CA/KRA/OCSP/TKS)',
- options=['CA', 'KRA', 'OCSP', 'TKS'],
+ config.pki_subsystem = parser.read_text('Subsystem (CA/KRA/OCSP/TKS/TPS)',
+ options=['CA', 'KRA', 'OCSP', 'TKS', 'TPS'],
default='CA', caseSensitive=False).upper()
print
else:
diff --git a/base/server/src/scriptlets/configuration.py b/base/server/src/scriptlets/configuration.py
index 43f8c16cd..c13e7eba2 100644
--- a/base/server/src/scriptlets/configuration.py
+++ b/base/server/src/scriptlets/configuration.py
@@ -113,14 +113,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
config.pki_log.info(log.PKI_CONFIG_NOT_YET_IMPLEMENTED_1,
master['pki_subsystem'],
extra=config.PKI_INDENTATION_LEVEL_2)
- return rv
- elif master['pki_subsystem'] == "TPS":
- config.pki_log.info(log.PKI_CONFIG_NOT_YET_IMPLEMENTED_1,
- master['pki_subsystem'],
- extra=config.PKI_INDENTATION_LEVEL_2)
- return rv
+ return self.rv
elif master['pki_instance_type'] == "Tomcat":
- # CA, KRA, OCSP, or TKS
+ # CA, KRA, OCSP, TKS, or TPS
data = config_client.construct_pki_configuration_data()
# Configure the substem
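Review bot: Removing the `TPS` not-yet-implemented branch sends a TPS through the generic Tomcat path and `config_client.construct_pki_configuration_data()`, yet the `pkihelper.py` changes in this commit are comment-only, so that request is built with no TPS-specific handling. If a TPS needs more than the common fields (not visible here), configuration is now attempted with an incomplete request instead of stopping at the explicit log message; keeping the guard until the client side is extended would be the safer order. Separately, the context comment `# Configure the substem` should read `# Configure the subsystem`. The method continues past the end of this hunk.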
diff --git a/base/server/src/scriptlets/webapp_deployment.py b/base/server/src/scriptlets/webapp_deployment.py
index 4fdcc8614..aa52009fb 100644
--- a/base/server/src/scriptlets/webapp_deployment.py
+++ b/base/server/src/scriptlets/webapp_deployment.py
@@ -152,6 +152,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
elif master['pki_subsystem'] == "TKS":
util.symlink.create(master['pki_tks_jar'],
master['pki_tks_jar_link'])
+ elif master['pki_subsystem'] == "TPS":
+ util.symlink.create(master['pki_tps_jar'],
+ master['pki_tps_jar_link'])
# set ownerships, permissions, and acls
util.directory.set_mode(master['pki_tomcat_webapps_subsystem_path'])
return self.rv