Diffstat (limited to 'base/server')
-rw-r--r-- | base/server/etc/default.cfg | 22 | ||||
-rw-r--r-- | base/server/scripts/operations | 21 | ||||
-rw-r--r-- | base/server/src/engine/pkiconfig.py | 10 | ||||
-rw-r--r-- | base/server/src/engine/pkihelper.py | 6 | ||||
-rw-r--r-- | base/server/src/engine/pkiparser.py | 12 | ||||
-rwxr-xr-x | base/server/src/pkidestroy | 4 | ||||
-rwxr-xr-x | base/server/src/pkispawn | 4 | ||||
-rw-r--r-- | base/server/src/scriptlets/configuration.py | 9 | ||||
-rw-r--r-- | base/server/src/scriptlets/webapp_deployment.py | 3 |
9 files changed, 63 insertions, 28 deletions
diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg index b2af83857..b67b6670e 100644 --- a/base/server/etc/default.cfg +++ b/base/server/etc/default.cfg @@ -189,13 +189,13 @@ pki_subsystem_registry_path=%(pki_instance_registry_path)s/%(pki_subsystem_type) ## Tomcat Configuration: ## ## ## ## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ## +## as an instance of 'Tomcat' (CA, KRA, OCSP, TKS, and TPS subsystems ## ## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ## ## required information which MAY be overridden by users as necessary. ## ## ## ## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ## -## or a 'TKS Clone', change the value of 'pki_clone' ## -## from 'False' to 'True'. ## +## a 'TKS Clone', or a 'TPS Clone', change the value of ## +## 'pki_clone' from 'False' to 'True'. ## ## ## ## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## ## are MUTUALLY EXCLUSIVE entities!!! ## @@ -334,6 +334,8 @@ pki_ocsp_jar=/usr/share/java/pki/pki-ocsp.jar pki_ocsp_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-ocsp.jar pki_tks_jar=/usr/share/java/pki/pki-tks.jar pki_tks_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-tks.jar +pki_tps_jar=/usr/share/java/pki/pki-tps.jar +pki_tps_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-tps.jar 
@@ -525,6 +527,20 @@ pki_subsystem_subject_dn=cn=TKS Subsystem Certificate,o=%(pki_security_domain_na ## required information which MAY be overridden by users as necessary. ## ############################################################################### [TPS] +pki_import_admin_cert=True +pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s +pki_admin_name=%(pki_admin_uid)s +pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s +pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s +pki_admin_uid=tpsadmin +pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_name)s TPS +pki_audit_signing_subject_dn=cn=TPS Audit Signing Certificate,o=%(pki_security_domain_name)s +pki_ds_base_dn=o=%(pki_instance_name)s-TPS +pki_ds_database=%(pki_instance_name)s-TPS +pki_ds_hostname=%(pki_hostname)s +pki_subsystem_name=TPS %(pki_hostname)s %(pki_https_port)s +pki_subsystem_nickname=subsystemCert cert-%(pki_instance_name)s TPS +pki_subsystem_subject_dn=cn=TPS Subsystem Certificate,o=%(pki_security_domain_name)s # Paths # These are used in the processing of pkispawn and are not supposed diff --git a/base/server/scripts/operations b/base/server/scripts/operations index 2a07802f8..93d3bda90 100644 --- a/base/server/scripts/operations +++ b/base/server/scripts/operations @@ -1080,11 +1080,13 @@ verify_symlinks() declare -A kra_symlinks declare -A ocsp_symlinks declare -A tks_symlinks + declare -A tps_symlinks declare -A common_jar_symlinks declare -A ca_jar_symlinks declare -A kra_jar_symlinks declare -A ocsp_jar_symlinks declare -A tks_jar_symlinks + declare -A tps_jar_symlinks declare -A systemd_symlinks # Dogtag 10 Conditional Variables 
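Review bot: The new `[TPS]` defaults in base/server/etc/default.cfg set `pki_import_admin_cert=True` next to a TPS-specific `pki_admin_uid=tpsadmin` without any comment on what the import implies. If, as the name suggests, True makes the installer import an existing administrator certificate instead of issuing a new one, the same client certificate ends up authorising the `tpsadmin` account, and an operator should be able to see that from the file. A one-line comment above the setting, such as `# True: reuse an already issued admin certificate for this subsystem's administrator`, would make that trust relationship explicit. The section continues past the end of the hunk.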
@@ -1104,6 +1106,7 @@ verify_symlinks() pki_kra_jar_dir="${PKI_INSTANCE_PATH}/webapps/kra/WEB-INF/lib" pki_ocsp_jar_dir="${PKI_INSTANCE_PATH}/webapps/ocsp/WEB-INF/lib" pki_tks_jar_dir="${PKI_INSTANCE_PATH}/webapps/tks/WEB-INF/lib" + pki_tps_jar_dir="${PKI_INSTANCE_PATH}/webapps/tps/WEB-INF/lib" # '${PKI_INSTANCE_PATH}' symlinks base_symlinks=( @@ -1187,6 +1190,24 @@ verify_symlinks() [pki-nsutil.jar]=${java_dir}/pki/pki-nsutil.jar [pki-tks.jar]=${java_dir}/pki/pki-tks.jar) + # '${PKI_INSTANCE_PATH}/tps' symlinks + tps_symlinks=( + [alias]=${PKI_INSTANCE_PATH}/alias + [conf]=/etc/pki/${PKI_INSTANCE_NAME}/tps + [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/tps + [registry]=${pki_registry_dir} + [webapps]=${PKI_INSTANCE_PATH}/webapps) + + # '${pki_tps_jar_dir}' symlinks + tps_jar_symlinks=( + [pki-certsrv.jar]=${java_dir}/pki/pki-certsrv.jar + [pki-cms.jar]=${java_dir}/pki/pki-cms.jar + [pki-cmsbundle.jar]=${java_dir}/pki/pki-cmsbundle.jar + [pki-cmscore.jar]=${java_dir}/pki/pki-cmscore.jar + [pki-cmsutil.jar]=${java_dir}/pki/pki-cmsutil.jar + [pki-nsutil.jar]=${java_dir}/pki/pki-nsutil.jar + [pki-tps.jar]=${java_dir}/pki/pki-tps.jar) + # '${pki_common_jar_dir}' symlinks common_jar_symlinks=( [apache-commons-codec.jar]=${java_dir}/commons-codec.jar diff --git a/base/server/src/engine/pkiconfig.py b/base/server/src/engine/pkiconfig.py index 3a3a7df18..6a86de087 100644 --- a/base/server/src/engine/pkiconfig.py +++ b/base/server/src/engine/pkiconfig.py 
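Review bot: In verify_symlinks() in base/server/scripts/operations, `tps_symlinks` and `tps_jar_symlinks` are declared and filled and `pki_tps_jar_dir` is set, but none of the three hunks for this file adds a statement that reads them. The rest of the function is outside the hunks; if it checks each subsystem in its own branch, TPS needs a matching branch, otherwise the arrays are dead and a missing or redirected link under `${PKI_INSTANCE_PATH}/tps` or `webapps/tps/WEB-INF/lib` goes unreported. Please confirm the check is generic, or add the TPS case alongside the TKS one.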
@@ -39,15 +39,15 @@ PKI_DEPLOYMENT_DEFAULT_USER = "pkiuser" PKI_SUBSYSTEMS = ["CA","KRA","OCSP","RA","TKS","TPS"] PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS","TPS"] -PKI_APACHE_SUBSYSTEMS = ["RA","TPS"] -PKI_TOMCAT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS"] +PKI_APACHE_SUBSYSTEMS = ["RA"] +PKI_TOMCAT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS", "TPS"] PKI_BASE_RESERVED_NAMES = ["alias", "bin", "ca", "common", "conf", "kra", - "lib", "logs", "ocsp", "temp", "tks", "webapps", + "lib", "logs", "ocsp", "temp", "tks", "tps", "webapps", "work"] PKI_CONFIGURATION_RESERVED_NAMES = ["CA", "java", "nssdb", "rpm-gpg", "rsyslog", "tls"] -PKI_APACHE_REGISTRY_RESERVED_NAMES = ["ra", "tps"] -PKI_TOMCAT_REGISTRY_RESERVED_NAMES = ["ca", "kra", "ocsp", "tks"] +PKI_APACHE_REGISTRY_RESERVED_NAMES = ["ra"] +PKI_TOMCAT_REGISTRY_RESERVED_NAMES = ["ca", "kra", "ocsp", "tks", "tps"] PKI_INDENTATION_LEVEL_0 = {'indent' : ''} PKI_INDENTATION_LEVEL_1 = {'indent' : '... '} diff --git a/base/server/src/engine/pkihelper.py b/base/server/src/engine/pkihelper.py index 9c775f65d..8ca83be67 100644 --- a/base/server/src/engine/pkihelper.py +++ b/base/server/src/engine/pkihelper.py @@ -520,7 +520,7 @@ class configuration_file: raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_clone_pkcs12_password", master['pki_user_deployment_cfg'])) # Verify existence of Security Domain Password File - # (ONLY for Clones, KRA, OCSP, TKS, or Subordinate CA) + # (ONLY for Clones, KRA, OCSP, TKS, TPS, or Subordinate CA) if config.str2bool(master['pki_clone']) or\ not master['pki_subsystem'] == "CA" or\ config.str2bool(master['pki_subordinate']): @@ -3169,7 +3169,7 @@ class config_client: config.str2bool(master['pki_clone']) or\ config.str2bool(master['pki_subordinate']): # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS, - # CA Clone, KRA Clone, OCSP Clone, TKS Clone, or + # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, or # Subordinate CA self.set_existing_security_domain(data) else: 
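Review bot: In pkiconfig.py, dropping `"TPS"` from `PKI_APACHE_SUBSYSTEMS` and `"tps"` from `PKI_APACHE_REGISTRY_RESERVED_NAMES` reclassifies the subsystem with no transition handling visible in this diff. If Apache-based TPS instances can still exist on an upgraded host, pkidestroy would presumably resolve them against the Tomcat lists, and, if these lists are what rejects conflicting names, `tps` is no longer refused on the Apache side. Either keep `"tps"` in the Apache reserved list or record the decision with a comment such as `# TPS is Tomcat-only from here on; Apache-based TPS instances are not handled`. Minor style point: `"TKS", "TPS"` mixes spacing with the rest of `PKI_TOMCAT_SUBSYSTEMS`.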
@@ -3399,7 +3399,7 @@ class config_client: config.str2bool(master['pki_subordinate']) or\ config.str2bool(master['pki_external']): # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS, - # CA Clone, KRA Clone, OCSP Clone, TKS Clone, + # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, # Subordinate CA, or External CA data.issuingCA = master['pki_issuing_ca'] if master['pki_subsystem'] == "CA" and\ diff --git a/base/server/src/engine/pkiparser.py b/base/server/src/engine/pkiparser.py index 8c9b6d620..340780204 100644 --- a/base/server/src/engine/pkiparser.py +++ b/base/server/src/engine/pkiparser.py @@ -880,9 +880,9 @@ class PKIConfigParser: # 'Subsystem Name' Configuration name/value pairs # 'Token' Configuration name/value pairs # - # Apache - [RA], [TPS] - # Tomcat - [CA], [KRA], [OCSP], [TKS] - # - [CA Clone], [KRA Clone], [OCSP Clone], [TKS Clone] + # Apache - [RA] + # Tomcat - [CA], [KRA], [OCSP], [TKS], [TPS] + # - [CA Clone], [KRA Clone], [OCSP Clone], [TKS Clone], [TPS Clone] # - [External CA] # - [Subordinate CA] # @@ -932,7 +932,7 @@ class PKIConfigParser: config.str2bool(config.pki_master_dict['pki_clone']) or\ config.str2bool(config.pki_master_dict['pki_subordinate']): # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS, - # CA Clone, KRA Clone, OCSP Clone, TKS Clone, or + # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, or # Subordinate CA config.pki_master_dict['pki_security_domain_type'] = "existing" config.pki_master_dict['pki_security_domain_uri'] =\ @@ -964,8 +964,8 @@ class PKIConfigParser: # 'Backup' Configuration name/value pairs # - # Apache - [RA], [TPS] - # Tomcat - [CA], [KRA], [OCSP], [TKS] + # Apache - [RA] + # Tomcat - [CA], [KRA], [OCSP], [TKS], [TPS] # - [External CA] # - [Subordinate CA] # diff --git a/base/server/src/pkidestroy b/base/server/src/pkidestroy index 4e23445f1..1e3f7f578 100755 --- a/base/server/src/pkidestroy +++ b/base/server/src/pkidestroy 
@@ -129,8 +129,8 @@ def main(argv): # -s <subsystem> if args.pki_subsystem is None: interactive = True - config.pki_subsystem = parser.read_text('Subsystem (CA/KRA/OCSP/TKS)', - options=['CA', 'KRA', 'OCSP', 'TKS'], + config.pki_subsystem = parser.read_text('Subsystem (CA/KRA/OCSP/TKS/TPS)', + options=['CA', 'KRA', 'OCSP', 'TKS', 'TPS'], default='CA', caseSensitive=False).upper() else: config.pki_subsystem = str(args.pki_subsystem).strip('[\']') diff --git a/base/server/src/pkispawn b/base/server/src/pkispawn index 65ee17f50..b05db4760 100755 --- a/base/server/src/pkispawn +++ b/base/server/src/pkispawn @@ -129,8 +129,8 @@ def main(argv): interactive = True parser.indent = 0 - config.pki_subsystem = parser.read_text('Subsystem (CA/KRA/OCSP/TKS)', - options=['CA', 'KRA', 'OCSP', 'TKS'], + config.pki_subsystem = parser.read_text('Subsystem (CA/KRA/OCSP/TKS/TPS)', + options=['CA', 'KRA', 'OCSP', 'TKS', 'TPS'], default='CA', caseSensitive=False).upper() print else: diff --git a/base/server/src/scriptlets/configuration.py b/base/server/src/scriptlets/configuration.py index 43f8c16cd..c13e7eba2 100644 --- a/base/server/src/scriptlets/configuration.py +++ b/base/server/src/scriptlets/configuration.py @@ -113,14 +113,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.PKI_CONFIG_NOT_YET_IMPLEMENTED_1, master['pki_subsystem'], extra=config.PKI_INDENTATION_LEVEL_2) - return rv - elif master['pki_subsystem'] == "TPS": - config.pki_log.info(log.PKI_CONFIG_NOT_YET_IMPLEMENTED_1, - master['pki_subsystem'], - extra=config.PKI_INDENTATION_LEVEL_2) - return rv + return self.rv elif master['pki_instance_type'] == "Tomcat": - # CA, KRA, OCSP, or TKS + # CA, KRA, OCSP, TKS, or TPS data = config_client.construct_pki_configuration_data() # Configure the substem diff --git a/base/server/src/scriptlets/webapp_deployment.py b/base/server/src/scriptlets/webapp_deployment.py index 4fdcc8614..aa52009fb 100644 
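Review bot: The interactive prompt in pkidestroy repeats the subsystem list as literals (`'Subsystem (CA/KRA/OCSP/TKS/TPS)'` and `options=['CA', 'KRA', 'OCSP', 'TKS', 'TPS']`), and the pkispawn hunk carries an identical copy, so the next subsystem change has to be made in three places, counting `PKI_TOMCAT_SUBSYSTEMS` in pkiconfig.py. Assuming `config` here is that module, both scripts could use `options=config.PKI_TOMCAT_SUBSYSTEMS` and build the prompt with `'Subsystem (%s)' % '/'.join(config.PKI_TOMCAT_SUBSYSTEMS)`. That keeps the accepted values and the values the engine treats as Tomcat subsystems from drifting apart. main() starts and ends outside both hunks.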
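Review bot: With the TPS early return removed in scriptlets/configuration.py, a TPS deployment now falls into the `elif master['pki_instance_type'] == "Tomcat":` branch and submits whatever `config_client.construct_pki_configuration_data()` builds, yet the pkihelper.py hunks in this commit change only comments. If TPS needs request fields the other subsystems do not, the omission would surface only when the server rejects or half-applies the configuration. Recording the assumption at the branch, for example `# CA, KRA, OCSP, TKS, or TPS (TPS sends the same request fields as TKS)`, or a TODO naming what is still missing, would make the intent reviewable. The method body starts and ends outside the hunk.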
--- a/base/server/src/scriptlets/webapp_deployment.py +++ b/base/server/src/scriptlets/webapp_deployment.py @@ -152,6 +152,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): elif master['pki_subsystem'] == "TKS": util.symlink.create(master['pki_tks_jar'], master['pki_tks_jar_link']) + elif master['pki_subsystem'] == "TPS": + util.symlink.create(master['pki_tps_jar'], + master['pki_tps_jar_link']) # set ownerships, permissions, and acls util.directory.set_mode(master['pki_tomcat_webapps_subsystem_path']) return self.rv |
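Review bot: The new `elif master['pki_subsystem'] == "TPS":` branch in webapp_deployment.py extends a chain that, as far as the hunk shows, has no final `else`, so a subsystem without a branch gets no jar link and the scriptlet still returns `self.rv`. If the earlier branches follow the same `pki_<name>_jar` / `pki_<name>_jar_link` pattern as TKS and TPS, the chain can be replaced by `key = 'pki_%s_jar' % master['pki_subsystem'].lower()` followed by `util.symlink.create(master[key], master[key + '_link'])`, which raises a KeyError on an unexpected value instead of deploying a webapp without its jar. The chain begins above the hunk, so the shape of the first branches needs checking before applying this.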