diff options
Diffstat (limited to 'base/tps/apache/docroot/tps/admin/console/config')
36 files changed, 3248 insertions, 0 deletions
diff --git a/base/tps/apache/docroot/tps/admin/console/config/adminauthenticatepanel.vm b/base/tps/apache/docroot/tps/admin/console/config/adminauthenticatepanel.vm new file mode 100644 index 000000000..cfa53c628 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/adminauthenticatepanel.vm @@ -0,0 +1,51 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<SCRIPT type="text/JavaScript"> +function myOnLoad() { +} + +function performPanel() { + with (document.forms[0]) { + submit(); + } +} +</SCRIPT> +<h2>Authentication</h2> +<p> +The uid and password are used to authenticate to the master subsystem. These are the administrator's credential information for the master subsystem. +#if ($systemType != "tps") +<br/> +If authentication is successful, a cloned subsystem will retrieve the configuration information from the master one. +#end +<br/> +#if ($errorString != "") +<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> +#end + <table class="details"> + <tr> + <th>Uid:</th> + + <td><input type="text" size="40" name="uid" value="$uid"/></td> + </tr> + <tr> + <th>Password:</th> + + <td><input type="password" size="40" name="__password" value="$password" autocomplete="off"/></td> + </tr> + </table> +<p> diff --git a/base/tps/apache/docroot/tps/admin/console/config/adminpanel.vm b/base/tps/apache/docroot/tps/admin/console/config/adminpanel.vm new file mode 100644 index 000000000..46d3e25a2 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/adminpanel.vm @@ -0,0 +1,246 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<SCRIPT ID=Send_OnClick type="text/JavaScript"> +function myOnLoad() { +} + +function performPanel() { +#if ($import == 'true' && $clone != 'clone') + var email = document.forms[0].email.value; + var name = document.forms[0].name.value; + var o = '$securityDomain'; + if (name == '') { + alert("Name is empty"); + return; + } + if (email == '') { + alert("Email is empty"); + return; + } + var dn = "cn=" + name + ",uid=admin,e="+email+",o="+o; + document.forms[0].subject.value = dn; + var keyGenAlg = "rsa-dual-use"; + var keyParams = null; + + if (document.forms[0].keytype.value == 'ecc') { + keyGenAlg = "ec-dual-use"; + keyParams = "curve=nistp256" + } + + if (navigator.appName == "Netscape" && + typeof(crypto.version) != "undefined") { + + crmfObject = crypto.generateCRMFRequest( + dn, "regToken", "authenticator", null, + "setCRMFRequest();", 2048, keyParams, keyGenAlg); + } else { + Send_OnClick(); + } +#else + with (document.forms[0]) { + submit(); + } +#end +} + +function setCRMFRequest() +{ + with (document.forms[0]) { + cert_request.value = crmfObject.request; + submit(); + } +} + +</SCRIPT> +<SCRIPT type="text/VBS"> +<!-- + +Sub Send_OnClick + Dim TheForm + Dim szName + Set TheForm = Document.f + + + ' Contruct the X500 distinguished name + szName = "CN=NAME" + + ' IE doesnt like the dn containing the O component + + On Error Resume Next + Enroll.HashAlgorithm = "MD5" + Enroll.KeySpec = 1 + + Enroll.providerType = 1 + Enroll.providerName = "Microsoft Base Cryptographic Provider v1.0" + + ' adding 2 to "GenKeyFlags" will enable the 'High Security' + ' (USER_PROTECTED) mode, which means IE will pop up a dialog + ' asking what level of protection the user would like to give + ' the key - this varies from 'none' to 'confirm password + ' every time the key is used' + Enroll.GenKeyFlags = 1 ' key PKCS12-exportable + szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") + + theError = Err.Number + On Error Goto 0 + ' + ' If the user has cancelled things the we simply ignore whatever + ' they were doing ... need to think what should be done here + ' + If (szCertReq = Empty AND theError = 0) Then + Exit Sub + End If + If (szCertReq = Empty OR theError <> 0) Then + ' + ' There was an error in the key pair generation. The error value + ' is found in the variable 'theError' which we snarfed above before + ' we did the 'On Error Goto 0' which cleared it again. + ' + sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "The credentials could not be generated." + result = MsgBox(sz, 0, "Credentials Enrollment") + Exit Sub + End If + + TheForm.cert_request.Value = szCertReq + TheForm.cert_request_type.Value = "pkcs10" + TheForm.subject.Value = "cn=" & TheForm.name.Value & ",uid=" & TheForm.uid.Value & ",e=" & TheForm.email.Value & ",o=" & TheForm.securitydomain.Value + + TheForm.Submit + Exit Sub + +End Sub + +--> +</SCRIPT> + +<SCRIPT type="text/VBS"> +<!-- +FindProviders + +Function FindProviders + Dim i, j + Dim providers() + i = 0 + j = 1 + Dim el + Dim temp + Dim first + Dim TheForm + Set TheForm = document.f + On Error Resume Next + first = 0 + + Do While True + temp = "" + Enroll.providerType = j + temp = Enroll.enumProviders(i,0) + If Len(temp) = 0 Then + If j < 1 Then + j = j + 1 + i = 0 + Else + Exit Do + End If + Else + set el = document.createElement("OPTION") + el.text = temp + el.value = j + If temp = "Microsoft Base Cryptographic Provider v1.0" Then + first = j + End If + TheForm.cryptprovider.add(el) + If first = 0 Then + first = 1 + TheForm.cryptprovider.selectedIndex = 0 + Else + TheForm.cryptprovider.selectedIndex = first + End If + i = i + 1 + End If + Loop +End Function + +--> +</SCRIPT> +The administrator is a privileged user who manages this subsystem. Please enter the following relevant information, and a certificate request will be automatically generated and submitted. An administrator's entry will be created in the internal database and an administrator's certificate will be imported into this browser automatically in the next panel. +<br/> +#if ($errorString != "") +<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> +#end +<br/> + <br/> + + <table class="details"> + <tr> + <th>UID:</th> +#if ($clone != 'clone') + <td><input type=text name=uid value="$admin_uid"></td> +#else + <td><input type=text name=uid value="$admin_uid" disabled="disabled"></td> +#end + </tr> + <tr> + <th>Name:</th> +#if ($clone != 'clone') + <td><input size=35 type=text name=name value="$admin_name"></td> +#else + <td><input size=35 type=text name=name value="$admin_name" disabled="disabled"></td> +#end + </tr> + <tr> + <th>Email:</th> +#if ($clone != 'clone') + <td><input size=35 type=text name=email value="$admin_email"></td> +#else + <td><input size=35 type=text name=email value="$admin_email" disabled="disabled"></td> +#end + </tr> + <tr> + <th>Password:</th> +#if ($clone != 'clone') + <td><input type="password" size="40" name="__pwd" value="$admin_pwd" autocomplete="off"/></td> +#else + <td><input type="password" size="40" name="__pwd" value="$admin_pwd" disabled="disabled" autocomplete="off"/></td> +#end + </tr> + <tr> + <th>Password (Again):</th> + +#if ($clone != 'clone') + <td><input type="password" size="40" name="__admin_password_again" value="$admin_pwd_again" autocomplete="off"/></td> +#else + <td><input type="password" size="40" name="__admin_password_again" value="$admin_pwd_again" disabled="disabled" autocomplete="off"/></td> +#end +<input type="hidden" name="cert_request" value=""/> +<input type="hidden" name="display" value=$displayStr /> +<input type="hidden" name="profileId" value="caAdminCert" /> +<input type="hidden" name="cert_request_type" value="crmf" /> +<input type="hidden" name="import" value=$import /> +<input type="hidden" name="uid" value="admin" /> +<input type="hidden" name="clone" value=$clone /> +<input type="hidden" name="securitydomain" value="$securityDomain" /> +<input type="hidden" name="subject" value="cn=x" /> + </tr> + <tr> + <th>Key Type:</th> + <td><select name="keytype"><option value="rsa">RSA</option><option value="ecc">ECC</option></select></td> + </tr> + </table> + <div align="right"> + <hr /> + </div> diff --git a/base/tps/apache/docroot/tps/admin/console/config/agentauthenticatepanel.vm b/base/tps/apache/docroot/tps/admin/console/config/agentauthenticatepanel.vm new file mode 100644 index 000000000..738efe5b3 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/agentauthenticatepanel.vm @@ -0,0 +1,47 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<SCRIPT type="text/JavaScript"> +function myOnLoad() { +} + +function performPanel() { + with (document.forms[0]) { + submit(); + } +} +</SCRIPT> +<h2>Authentication</h2> +<br/> +The uid and password are used to authenticate to the CA from which this subsystem's certificates are issued. Enter the uid and password of the Certificate Manager Agent who will approve the certificate requests. +<br/> +#if ($errorString != "") +<img alt="" src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> +#end + <table class="details"> + <tr> + <th>Uid:</th> + + <td><input type="text" size="40" name="uid" value="$uid"/></td> + </tr> + <tr> + <th>Password:</th> + + <td><input type="password" size="40" name="__password" value="$password" autocomplete="off"/></td> + </tr> + </table> +<br/> diff --git a/base/tps/apache/docroot/tps/admin/console/config/authdbpanel.vm b/base/tps/apache/docroot/tps/admin/console/config/authdbpanel.vm new file mode 100644 index 000000000..3ebb96853 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/authdbpanel.vm @@ -0,0 +1,67 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<SCRIPT LANGUAGE="JavaScript"> +function performPanel() { + with (document.forms[0]) { + submit(); + } +} +</SCRIPT> + Please provide information about the LDAP server that will be used to authenticate the identity of end users. <a href="javascript: toggle_details();">[Details]</a> +<script> +function toggle_details() { + d = document.getElementById('details'); if (d.style.display == "block") { + d.style.display="none"; } else { + d.style.display="block"; + } } </script> +<div id=details style="display: none;"> <p> + In order for ESC to submit certificate requests to TPS, the end user's identity must first be verified. To accomplish this, an end user first sends a uid and password to TPS. TPS must then contact an LDAP server (e.g. - a corporate LDAP directory server) to verify this end user's identity. +<p> +If the end user's identity is successfully verified, TPS will establish an authenticated connection with this ESC, and begin accepting certificate requests and issuing certificates to this end user. +<p> +If, however, the end user's identity fails to be verified, TPS will not establish a connection with this ESC. TPS never issues certificates to unauthenticated end users. +</div> +<p> +#if ($errorString != "") +<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> +#end +<p> + + <table class="details"> + <tr> + <th>Host:</th> + <td><input type="text" length="128" size="40" name="host" value="$hostname" /></td> + </tr> + + <tr> + <th>Port:</th> + + <td><input type="text" length="64" size="40" name="port" value="$portStr" /> + <input type="CHECKBOX" NAME="secureConn" value="true">SSL </td> + </tr> + + <tr> + <th>Base DN:</th> + <td><input type="text" length="128" size="40" name="basedn" value="$basedn" /></td> + </tr> + </table> + + <div align="right"> + <hr /> + + </div> diff --git a/base/tps/apache/docroot/tps/admin/console/config/cainfopanel.vm b/base/tps/apache/docroot/tps/admin/console/config/cainfopanel.vm new file mode 100644 index 000000000..8d2e54251 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/cainfopanel.vm @@ -0,0 +1,54 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<SCRIPT LANGUAGE="JavaScript"> +function myOnLoad() { +} + +function performPanel() { + with (document.forms[0]) { + submit(); + } +} + +</SCRIPT> +A Certificate Authority (CA) is responsible for issuing different kinds of certificates. Each Enterprise Security Client (ESC) interfaces with a TPS subsystem to request end user certificates. Consequently, to obtain these certificates, an HTTPS EE URL to a CA that has been registered in the security domain must also be selected. +<p> +#if ($errorString != "") +<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> +#end +<p> + <table class="details"> + <tr> + <th>URL:</th> + <td><select name="urls"> + #if ($urls_size != 0) + #set ($x=0) + #foreach ($p in $urls) + <option value="$x">$p</option> + #set ($x=$x+1) + #end + #end + </select> + </td> + </tr> + </table> + + + <div align="right"> + <hr /> + </div> diff --git a/base/tps/apache/docroot/tps/admin/console/config/certchainpanel.vm b/base/tps/apache/docroot/tps/admin/console/config/certchainpanel.vm new file mode 100644 index 000000000..d6b7b3fe4 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/certchainpanel.vm @@ -0,0 +1,48 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<SCRIPT type="text/JavaScript"> +function myOnLoad() { +} + +function performPanel() { + with (document.forms[0]) { + submit(); + } +} +</SCRIPT> +<b>Pretty Print of Certificates on this subsystem. +<p> +#foreach ($item in $ppcerts) +<H2>$item.getDN()</H2> +<table width=100%> +<tr bgcolor="#cccccc"> + <td width=20%><b>Certificate: $item.getNickname()</b></td> +</tr> + +<tr> + <td><textarea rows=24 cols=80 wrap="virtual" name=$item.getCertTag()>$item.getCertpp()</textarea></td> +</tr> +</table> +#end + + <br/> + + <div align="right"> + <hr /> + + </div> diff --git a/base/tps/apache/docroot/tps/admin/console/config/certprettyprintpanel.vm b/base/tps/apache/docroot/tps/admin/console/config/certprettyprintpanel.vm new file mode 100644 index 000000000..0e5f05af6 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/certprettyprintpanel.vm @@ -0,0 +1,48 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<SCRIPT type="text/JavaScript"> +function myOnLoad() { +} + +function performPanel() { + with (document.forms[0]) { + submit(); + } +} +</SCRIPT> +The following certificates were installed on this instance. +<p> +#foreach ($item in $ppcerts) +<H2>$item.getDN()</H2> +<table width=100%> +<tr bgcolor="#cccccc"> + <td width=20%><b>Certificate: $item.getNickname()</b></td> +</tr> + +<tr> + <td><textarea rows=24 cols=80 wrap="virtual" name=$item.getCertTag()>$item.getCertpp()</textarea></td> +</tr> +</table> +#end + + <br/> + + <div align="right"> + <hr /> + + </div> diff --git a/base/tps/apache/docroot/tps/admin/console/config/certrequestpanel.vm b/base/tps/apache/docroot/tps/admin/console/config/certrequestpanel.vm new file mode 100644 index 000000000..632b27c34 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/certrequestpanel.vm @@ -0,0 +1,224 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<style type="text/css"> + +.floating { + position: absolute; + left: 250px; + top: 50px; + width: 600px; + padding: 3px; + border: solid; + border-width: 5px; + background: white; + display: none; + margin: 5px; +} +</style> +<SCRIPT type="text/JavaScript"> +function myOnLoad() { +} + +function performPanel() { + with (document.forms[0]) { + submit(); + } +} + +function showcert(element, event) +{ + var x = event.clientX; + var y = event.clientY; + + var content = element.getAttribute("content"); + var content_d = element.getAttribute("content_desc"); + + if (content == null) { return false; } + + var n = element.getAttribute("n"); + + var editableType = element.getAttribute("editableType"); + var desc; + var d; + var c; + if (editableType == "cert") + { + d = document.getElementById(n+"_editCertDiv"); + c = document.getElementById(n+"_text"); + desc = document.getElementById(n+"_desc_t"); + } else if (editableType == "certchain") { + d = document.getElementById(n+"_editCertChainDiv"); + c = document.getElementById(n+"_cc_text"); + desc = document.getElementById(n+"_cc_desc_t"); + } else { + d = document.getElementById(n+"_showCertDiv"); + c = document.getElementById(n+"_pre"); + desc = document.getElementById(n+"_desc_p"); + } + + if (desc.hasChildNodes()) + { + desc.removeChild(desc.childNodes[0]); + } + var content_desc = document.createTextNode(content_d); + desc.appendChild(content_desc); + + if (c.hasChildNodes()) + { + c.removeChild(c.childNodes[0]); + } + var content_text = document.createTextNode(content); + c.appendChild(content_text); + + d.style.left = x+30; // x-offset of floating div + assumedheight = 1000; + + var offset = 20; // extra y-offset of floating div + var bottom = y + offset + assumedheight; + if (bottom > window.innerHeight) { + offset = 0 - (2*offset) - assumedheight; + } + + d.style.top = y+ offset +document.body.scrollTop; + + // unhide the window + d.style.display ="block"; + +} + +function hide(tag) +{ + document.getElementById(tag+"_showCertDiv").style.display ="none"; + document.getElementById(tag+"_editCertDiv").style.display ="none"; + document.getElementById(tag+"_editCertChainDiv").style.display ="none"; +} + +</SCRIPT> +A certificate signing request (CSR) contains a public key and is an unsigned copy of the certificate. +<p> +If a given CSR has been successfully signed by a CA, then the certificate will be designated below by a certificate icon labeled Certificate Generated Successfully. +<p> +However, if a given CSR contains an <font color="red">action required</font> label under its certificate icon, then those requests must be <i>manually</i> submitted to a CA for certificate generation. +<p> +Press the [Apply] button after certificates and chains are pasted in. +<p> +Press the [Next] button once all certificates have been generated successfully. +<p> +#foreach ($item in $reqscerts) +<H2>$item.getDN()</H2> +<table width=100%> +<tr> + <td width=10%></td> + <td width=20%></td> + <td width=70%></td> +</tr> + +<tr> + <td> </td> +#if ($item.getCert() == "...paste certificate here...") + <td><font color=red>action required</font><br> +<img src="/pki/images/no-certificate.png"/></td> +#else + #if ($item.getCert() == "...certificate be generated internally...") +<td> + <img src="/pki/images/no-certificate.png"/><br> + certificate will be generated internally + </td> + #else + #if ($item.getCert() == "") + <td> +<img src="/pki/images/no-certificate.png"/><br> + No Certificate Generated. Please import.<br> + </td> + #else + <td> +<img src="/pki/images/certificate.png"/><br> + Certificate Generated Successfully + </td> + #end + #end +#end + +<td> + + +#if ($item.getCert() == "...paste certificate here...") +<a content="$item.getRequest()" content_desc="Copy the following Certificate Request (CSR) and paste it in the external CA enrollment page for enrollment" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> Step 1: Copy the Certificate Request (CSR) to enroll at an external CA</a><p> +<a content="" content_desc="Copy the base64-encoded PKCS #7 certificate chain into the text box below and press 'X'" n="$item.getCertTag()" editableType="certchain" href="#" onclick="showcert(this,event);"> Step 2: Import the PKCS #7 Certificate Chain (optional if the certificate already contains the chain)</a><p> +<a content="$item.getCert()" content_desc="Copy the resulting base64-encoded certificate (NOTE: PKCS #7 not accepted) into the text box below and press 'X'" n="$item.getCertTag()" editableType="cert" href="#" onclick="showcert(this,event);"> Step 3: Paste in the Base64-encoded Certificate after enrollment at an external CA (NOTE: this text box does not accept PKCS #7 certificate chains)</a><p> +#else + #if ($item.getCert() == "...certificate be generated internally...") +<p> + #else +<a content="$item.getRequest()" content_desc="Certificate Request (CSR)" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate Request (CSR)</a><p> +<a content="$item.getCert()" content_desc="Certificate in Base64 encoding" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate in Base64-Encoding</a><p> +<a content="$item.getCertpp()" content_desc="Certificate in pretty print" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate Pretty Print</a><p> + #end +#end + + +</td> +</tr> +</table> + +<div id="$item.getCertTag()_showCertDiv" class="floating"> +<div align="right" onclick="hide('$item.getCertTag()');">X</div> +<table id="$item.getCertTag()_stable" width="100%"> +<tr> +<td id="$item.getCertTag()_desc_p"></td> +</tr> +<tr> +<td><pre name="$item.getCertTag()" id="$item.getCertTag()_pre">$item.getCert()</pre></td> +</tr> +</table> +</div> + +<div id="$item.getCertTag()_editCertDiv" class="floating"> +<div align="right" onclick="hide('$item.getCertTag()');">X</div> +<table id="$item.getCertTag()_etable" width="100%"> +<tr> +<td id="$item.getCertTag()_desc_t"></td> +</tr> +<tr> +<td><textarea rows=30 cols=90 name="$item.getCertTag()" id="$item.getCertTag()_text" style="font-family: monospace;">$item.getCert()</textarea></td> +</tr> +</table> +</div> + +<div id="$item.getCertTag()_editCertChainDiv" class="floating"> +<div align="right" onclick="hide('$item.getCertTag()');">X</div> +<table id="$item.getCertTag()_cc_etable" width="100%"> +<tr> +<td id="$item.getCertTag()_cc_desc_t"></td> +</tr> +<tr> +<td><textarea rows=30 cols=90 name="$item.getCertTag()_cc" id="$item.getCertTag()_cc_text" style="font-family: monospace;"></textarea></td> +</tr> +</table> +</div> + + +#end + + <p> + + + <div align="right"> + <hr /> + + </div> diff --git a/base/tps/apache/docroot/tps/admin/console/config/config_addhsm.vm b/base/tps/apache/docroot/tps/admin/console/config/config_addhsm.vm new file mode 100644 index 000000000..90d2f0ea9 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/config_addhsm.vm @@ -0,0 +1,95 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> + <head> + + <title>Dogtag Certificate System</title> +<SCRIPT LANGUAGE="JavaScript"> + function checkClose() { + if ('$status' == "update" && '$error' == '') { + window.close(); + } + } + +</SCRIPT> + + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + </head> + + + <body onLoad="checkClose();"><div id="wrap"><div id="wrap"> + +<div id="mainNavOuter"> +<div id="mainNav"> + +<div id="mainNavInner"> + + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + + +<!-- close bar --> + + <div id="content"> + <table width="100%" cellspacing="0"> + <tr> + <td class="page-content" width="100%"> + <h1><img src="/pki/images/icon-software.gif" /> + Security Modules</h1> +Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure. +<p> +<H2>Registering a New Security Module</H2> +<form name=configForm action="config_addhsm" method="post"> +<p> +If the desired security module is not listed, it is possible that this security module's PKCS #11 library was not registered with the system. Please register a new security module here. +<table> +<tr> + <td> +Library Path: <input type=text name="modulePath" value=""> + </td> +</tr> +<tr> + <td> +Module Name: <input type=text name="moduleName" value=""> + </td> +<tr> +</tr> +</table> +<p> +<table width=100%> +<tr bgcolor="#eeeeee"> + <td> +<input onclick="configForm.submit()" type=button name=config_addhsm_next value="Apply"> + </td> +</tr> +</table> +</form> + </td> + </tr> + </table> + + </div> <!-- close content --> + </div> <!-- close wrap --> + + </body> +</html> diff --git a/base/tps/apache/docroot/tps/admin/console/config/config_db.vm b/base/tps/apache/docroot/tps/admin/console/config/config_db.vm new file mode 100644 index 000000000..ba40c7cee --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/config_db.vm @@ -0,0 +1,125 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> + <head> + + <title>Dogtag Certificate System</title> + +<SCRIPT LANGUAGE="JavaScript"> + function donePanel(errorStr, displayS) { + if (displayS == "loaded") { + if (errorStr == '') { + window.close(); + } + } + } +</SCRIPT> + + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + </head> + + + <body onLoad="donePanel('$errorString', '$displayStr')"> +<div id="wrap"> +#include ( "admin/console/config/header.vm" ) + +<div id="mainNavOuter"> +<div id="mainNav"> + +<div id="mainNavInner"> + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + +<!-- close bar --> + + <div id="content"> + <table width="100%" cellspacing="0"> + <tr> + <td width="100%"> + <h1><img src="/pki/images/icon-software.gif" /> + Internal Database </h1> + + <form name=configForm action="config_db" method="post"> + <b>Internal Database Connection</b> <p>This option allows sharing an internal database to improve managability.<p> +#if ($errorString != "") +<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> +#end + <table class="details"> + <tr> + <th>Host:</th> + + <td><input type="text" length="128" size="40" name="host" value="$hostname" /></td> + </tr> + + <tr> + <th>Port:</th> + + <td><input type="text" length="64" size="40" name="port" value="$portStr" /></td> + </tr> + <tr> + <th>Base DN:</th> + <td><input type="text" length="128" size="40" name="basedn" value="$basedn" /></td> + </tr> + <tr> + <th>Database:</th> + + <td><input type="text" length="128" size="40" name="database" value="$database" /></td> + </tr> + <tr> + <th>Bind DN:</th> + <td><input type="text" length="128" size="40" name="binddn" value="$binddn" /></td> + </tr> + <tr> + <th>Bind Password:</th> + + <td><input type="password" length="128" size="40" name="__bindpwd" value="$bindpwd" autocomplete="off" /></td> + </tr> + <td><input type="hidden" name="display" value=$displayStr /></td> + </table> + + <div align="right"> + <hr /> + + </div> + + +<p> +<table width=100%> +<tr bgcolor="#eeeeee"> + <td> +<input onclick="configForm.submit()" type="button" name="config_db_next" value="Apply"> + </td> +</tr> +</table> + + </form> + + </td> + </tr> + </table> + + </div> <!-- close content --> + </div> <!-- close wrap --> + + </body> +</html> diff --git a/base/tps/apache/docroot/tps/admin/console/config/config_hsm.vm b/base/tps/apache/docroot/tps/admin/console/config/config_hsm.vm new file mode 100644 index 000000000..7ec82522c --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/config_hsm.vm @@ -0,0 +1,175 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> + <head> + + <title>Dogtag Certificate System</title> +<SCRIPT LANGUAGE="JavaScript"> + function checkClose() { + if ('$status' == "update" && '$error' == '') { + window.close(); + } + } + +</SCRIPT> + + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + </head> + + + <body onLoad="checkClose();"><div id="wrap"> + +<div id="mainNavOuter"> +<div id="mainNav"> + +<div id="mainNavInner"> + +#include ( "admin/console/config/topmenu.vm" ) + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + + +<!-- close bar --> + + <div id="content"> + <table width="100%" cellspacing="0"> + <tr> + <td width="100%"> + <h1><img src="/pki/images/icon-software.gif" /> + Security Modules </h1> + +<form name=configForm action="config_hsm" method="post"> + +Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure. Please make sure that at least one security module is listed below. +<p> +<H2>Supported Security Modules</H2> +<table width=100%> +<tr bgcolor="#cccccc"> + <td width=20%><b>Module/Token</b></td> + <td width=10%><b>Status</b></td> + <td width=10%><b>Default</b></td> + <td width=10%><b>Operations</b></td> +</tr> +#foreach ($module in $sms) +<tr bgcolor="#eeeeee"> + <td><img src=$module.getImagePath()><br>$module.getUserFriendlyName()</td> + <td> + #if ($module.isFound()) + Found + #else + Not Found + #end + </td> + <td></td> + <td></td> +</tr> +#foreach ($token in $module.getTokens()) +<tr> + <td>- $token.getNickName()</td> + <td> + #if ($token.isLoggedIn()) + Logged In + #else + Not logged In + #end + </td> + <td> + #if ($defTok == $token.getNickName()) + <input checked type=radio name="choice" value="$token.getNickName()"> + #else + <input type=radio name="choice" value="$token.getNickName()"> + #end + </td> + <td></td> +</tr> +#end +#end + +</table> +<H2>Other Security Modules</H2> +<h3>The security modules listed below are modules found by the server but not recognized as one of the supported modules. If the user believes that any listed modules below should have been supported, please check the "CS.cfg" configuration file to see if there is a name mismatch and adjust this accordingly.</h3> +<table width=100%> +<tr bgcolor="#cccccc"> + <td width=20%><b>Module/Token</b></td> + <td width=10%><b>Status</b></td> + <td width=10%><b>Default</b></td> + <td width=10%><b>Operations</b></td> +</tr> +#foreach ($module in $oms) +<tr bgcolor="#eeeeee"> + <td>$module.getUserFriendlyName()</td> + <td> + #if ($module.isFound()) + Found + #else + Not Found + #end + </td> + <td></td> + <td></td> +</tr> +#foreach ($token in $module.getTokens()) +<tr> + <td>- $token.getNickName()</td> + <td> + #if ($token.isLoggedIn()) + Logged In + #else + Not logged In + #end + </td> + <td> + #if ($defTok == $token.getNickName()) + <input checked type=radio name="choice" value="$token.getNickName()"> + #else + <input type=radio name="choice" value="$token.getNickName()"> + #end + </td> + <td></td> +</tr> +#end +#end + +</table> + + </td> +</tr> +</table> +<p> +<table width=100%> +<tr bgcolor="#eeeeee"> + <td> +<input onclick="configForm.submit()" type=button name=config_hsm value="Apply"> + </td> +</tr> +</table> +</form> + </td> + </tr> + </table> + + </div> <!-- close content --> + </div> <!-- close wrap --> + + </body> +</html> diff --git a/base/tps/apache/docroot/tps/admin/console/config/config_hsmloginpanel.vm b/base/tps/apache/docroot/tps/admin/console/config/config_hsmloginpanel.vm new file mode 100644 index 000000000..332f2f470 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/config_hsmloginpanel.vm @@ -0,0 +1,82 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<SCRIPT LANGUAGE="JavaScript"> +function myOnLoad() { +} + +function performPanel() { + with (document.forms[0]) { + submit(); + } +} +</SCRIPT> + <h1> + Security Modules Login Panel</h1> +Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure. +<p> +<H2>Security Token Login</H2> +<form name=configHSMLoginForm action="config_hsmlogin" method="post"> +<p> +The user has chosen to login to the following security module: <b>$SecToken</b> +<p> +#if ($status == "alreadyLoggedIn") + Token already logged in. +#else + #if ($status == "tokenPasswordNotInitialized") + Token password not initialized. + #else + #if ($status == "justLoggedIn") + Token logged in successfully. + #else +<table> +<tr> + <td> +Security Module Token Name: <b><input type=text name="uTokName" value="$SecToken"></b> + </td> +</tr> +<tr> + <td> +Security Module Token Password: <input type=password name="__uPasswd" value="" autocomplete="off"> + </td> +<tr> +</tr> +</table> +<p> + #end + #end +#end + +<table width=100%> +<tr bgcolor="#eeeeee"> + <td> + + </td> +</tr> +</table> + </td> + </tr> + </table> + + <p> + + <div align="right"> + <hr /> + + </div> + + diff --git a/base/tps/apache/docroot/tps/admin/console/config/config_join.vm b/base/tps/apache/docroot/tps/admin/console/config/config_join.vm new file mode 100644 index 000000000..49e43fbc4 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/config_join.vm @@ -0,0 +1,124 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> + <head> + + <title>Dogtag Certificate System</title> + + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + </head> + +<SCRIPT LANGUAGE="JavaScript"> + function checkClose() { + if ('$status' == "update" && '$error' == '') { + window.close(); + } + } +</SCRIPT> + + + <body onLoad="checkClose();"> +<div id="wrap"> + +#include ( "admin/console/config/header.vm" ) + +<div id="mainNavOuter"> +<div id="mainNav"> + +<div id="mainNavInner"> + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + +<!-- close bar --> + + <div id="content"> + <table width="100%" cellspacing="0"> + <tr> + <td width="100%"> + <h1><img src="/pki/images/icon-software.gif" /> + Join the PKI Network </h1> + +To join this PKI network, the setup wizard needs to submit the certificate request to a Root or another subordinate CA for signing. + <p> + <form action="config_join" method="post" name="f"> + +<input type=radio $check_manual name="choice" value="manual">Manually submit this request to a CA. +<p> +<table width=100%> +<tr> + <td width=50%>Certificate Request to a CA:</td> + <td>Certificate Chain From a CA:</td> + </td> +</tr> +<tr> + <td> +<textarea rows=8 cols=40 name="req">$certreq</textarea> + </td> + <td> +<textarea rows=8 cols=40 name="cert">$cert</textarea> + </td> +</tr> +</table> +<p> +<input type=radio $check_auto name="choice" value="auto">Automatically submit the request to a Dogtag Certificate Authority +<br> + <table class="details"> + <tr> + <th width=10%>URL:</th> + <td><input type="text" length="128" size="40" name="url" value="https://localhost" /></td> + </tr> + + <tr> + <th>UID:</th> + <td><input type="text" length="64" size="40" name="uid" value="agent" /></td> + </tr> + <tr> + <th>Password:</th> + <td><input type="password" length="64" size="40" name="__pwd" value="" autocomplete="off" /></td> + </tr> + </table> +<p> + + <div align="right"> + <hr /> + </div> + + </form> + +<p> +<table width=100%> +<tr bgcolor="#eeeeee"> + <td> +<input onclick="javascript: document.f.submit();" type=button name=next value="Apply"> + </td> +</tr> +</table> + </td> + </tr> + </table> + + </div> <!-- close content --> + </div> <!-- close wrap --> + + </body> +</html> diff --git a/base/tps/apache/docroot/tps/admin/console/config/config_rootca.vm b/base/tps/apache/docroot/tps/admin/console/config/config_rootca.vm new file mode 100644 index 000000000..7e17fef35 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/config_rootca.vm @@ -0,0 +1,112 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> + <head> + + <title>Dogtag Certificate System</title> + + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + </head> + +<SCRIPT LANGUAGE="JavaScript"> + function checkClose() { + if ('$status' == "update" && '$error' == '') { + window.close(); + } + } +</SCRIPT> + + + <body onLoad="checkClose();"> +<div id="wrap"> + +#include ( "admin/console/config/header.vm" ) + +<div id="mainNavOuter"> +<div id="mainNav"> + +<div id="mainNavInner"> + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + +<!-- close bar --> + + <div id="content"> + <table width="100%" cellspacing="0"> + <tr> + <td width="100%"> + <h1><img src="/pki/images/icon-software.gif" /> + Root CA </h1> + +A Root CA provides a set of predefined signing capabilities. Please select the capabilities that this CA needs to provide. + <p> + +<form name="f" action="config_rootca" method="post"> + +<H2>CA Certificate Profile</H2> + +<p> + <table class="details"> + <tr> + <th width=10%>Profile:</th> + + <td><select name="profile"> +#foreach ($p in $profiles) +#if ($p.getID() == $selected_profile_id) + <option selected value="$p.getID()">$p.getName()</option> +#else + <option value="$p.getID()">$p.getName()</option> +#end +#end + </select> + </td> + </tr> + </table> +<p> + + <div align="right"> + <hr /> + + </div> + + </form> + +<p> +<table width=100%> +<tr bgcolor="#eeeeee"> + <td> +<input onclick="javascript: document.f.submit()" type=button name=next value="Apply"> + </td> +</tr> +</table> + + + </td> + </tr> + </table> + + </div> <!-- close content --> + </div> <!-- close wrap --> + + </body> +</html> diff --git a/base/tps/apache/docroot/tps/admin/console/config/createsubsystempanel.vm b/base/tps/apache/docroot/tps/admin/console/config/createsubsystempanel.vm new file mode 100644 index 000000000..1ddd7a90c --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/createsubsystempanel.vm @@ -0,0 +1,98 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<SCRIPT type="text/JavaScript"> +function myOnLoad() { +} + +function performPanel() { + with (document.forms[0]) { + submit(); + } +} +</SCRIPT> +<h2>Subsystem Configuration</h2> +<p> +#if ($systemType != "tps") +This instance can be configured as either a new $systemname subsystem or a clone of an existing $systemname. If the cloning option is chosen, please provide the URL to an existing $systemname instance. +#else +This instance can be configured as a new $systemname subsystem. +#end +<br/> +#if ($errorString != "") +<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> +#end +<br/> +<b><input $check_newsubsystem type=radio name=choice value="newsubsystem"> Configure this Instance as a New $systemname Subsystem </b> +<br/> + <table class="details"> + <tr> + <th>Subsystem Name: </th> + <td><input type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname)</td> + </tr> + <tr> + <th>Subsystem HTTP URL (unsecure): </th> + <td>http://$machineName:$http_port</td> + </tr> + <tr> + <th>Subsystem HTTPS URL (clientauth): </th> + <td>https://$machineName:$https_port</td> + </tr> + <tr> + <th>Subsystem HTTPS URL (non-clientauth): </th> + <td>https://$machineName:$non_clientauth_https_port</td> + </tr> + </table> +<p> +#if ($disableClone) +<b><input $check_clonesubsystem type=radio name=choice value="clonesubsystem" disabled="disabled"> Clone an Existing $systemname Subsystem </b> +#else +<b><input $check_clonesubsystem type=radio name=choice value="clonesubsystem"> Clone an Existing $systemname Subsystem </b> +#end +<br/> + <table class="details"> + <tr> + <th>Subsystem Name: </th> +#if ($disableClone) + <td><input disabled="disabled" type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname + Clone 1)</td> +#else + <td><input type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname + Clone 1)</td> +#end + </tr> + <tr> + <th>Subsystem URL: </th> +#if ($disableClone) + <td><select name="urls" disabled="disabled"> +#else + <td><select name="urls"> +#end + #if ($urls_size != 0) + #set ($x=0) + #foreach ($p in $urls) + <option value="$x">$p</option> + #set ($x=$x+1) + #end + #else + <option selected value="none">NONE</option> + #end + </select> + </td> + </tr> + </table> +<br/> diff --git a/base/tps/apache/docroot/tps/admin/console/config/databasepanel.vm b/base/tps/apache/docroot/tps/admin/console/config/databasepanel.vm new file mode 100644 index 000000000..ce168fd2a --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/databasepanel.vm @@ -0,0 +1,93 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<SCRIPT type="text/JavaScript"> +function myOnLoad() { +} + +function performPanel() { + with (document.forms[0]) { + submit(); + } +} +</SCRIPT> +Please provide information to an existing Fedora Directory Server that can be used as the internal database for this instance. <a href="javascript:toggle_details();">[Details]</a> +<SCRIPT type="text/JavaScript"> +function toggle_details() +{ + d = document.getElementById('details'); + if (d.style.display == "block") { + d.style.display="none"; + } else { + d.style.display="block"; + } +} +</script> +<div id=details style="display: none;"> +<p> +Each instance needs access to a Fedora Directory Server instance to store requests and records. Each PKI instance may create its own associated internal database, or may share an existing internal database. To share an existing internal database instance, a PKI instance would only need to establish a unique distinguished name (DN) using the field entitled <b>Base DN</b> and a unique database name using the field entitled <b>Database</b>. +</div> +<p> +<i>Note: If the Fedora Directory Server is at a remote host, it is highly recommended that SSL should be used.</i> +<br/> +#if ($errorString != "") +<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> +#end +<br/> + + <table class="details"> + <tr> + <th>Host:</th> + <td><input type="text" size="40" name="host" value="$hostname" /></td> + </tr> + + <tr> + <th>Port:</th> + + <td><input type="text" size="40" name="port" value="$portStr" /> +<input type="CHECKBOX" NAME="secureConn" value="true">SSL +</td> + </tr> + <tr> + <th>Base DN:</th> + <td><input type="text" size="40" name="basedn" value="$basedn" /></td> + </tr> + <tr> + <th>Database:</th> + + <td><input type="text" size="40" name="database" value="$database" /></td> + </tr> + <tr> + <th>Bind DN:</th> + <td><input type="text" size="40" name="binddn" value="$binddn" /></td> + </tr> + <tr> + <th>Bind Password:</th> + + <td><input type="password" size="40" name="__bindpwd" value="$bindpwd" autocomplete="off" /></td> + </tr> + </table> + <input type="hidden" name="display" value=$displayStr /> + +#if ($firsttime == 'false') +<input type="CHECKBOX" NAME="removeData">Remove the existing data from the <b>Base DN</b> shown above.<p> +#end + + <div align="right"> + <hr /> + + </div> diff --git a/base/tps/apache/docroot/tps/admin/console/config/displaycertchain2panel.vm b/base/tps/apache/docroot/tps/admin/console/config/displaycertchain2panel.vm new file mode 100644 index 000000000..3a13b7cd4 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/displaycertchain2panel.vm @@ -0,0 +1,40 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<SCRIPT LANGUAGE="JavaScript"> +function myOnLoad() { +} + +function performPanel() { + with (document.forms[0]) { + submit(); + } +} +</SCRIPT> +<p> +A certificate chain is a list of all certificates chained up to the root. +<p> +If the entire certificate chain is displayed below, click the Next button to import it into this subsystem. This certificate chain will then be trusted for this instance. +<p> +If no certificate chain is listed below, simply click the Next button to move on to the next panel. +<p> +<pre> +$certchain +</pre> +#if ($errorString != "") +<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> +#end diff --git a/base/tps/apache/docroot/tps/admin/console/config/displaycertchainpanel.vm b/base/tps/apache/docroot/tps/admin/console/config/displaycertchainpanel.vm new file mode 100644 index 000000000..f7b9dee90 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/displaycertchainpanel.vm @@ -0,0 +1,40 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<SCRIPT type="text/JavaScript"> +function myOnLoad() { +} + +function performPanel() { + with (document.forms[0]) { + submit(); + } +} +</SCRIPT> +<br/> +A certificate chain is a list of all certificates chained up to the root. +<br/> +If a certificate chain is displayed below, click the Next button to trust this certificate chain for this instance. +<br/> +If no certificate chain is listed below, simply click the Next button to move on to the next panel. +<br/> +<pre> +$certchain +</pre> +#if ($errorString != "") +<img alt="" src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> +#end diff --git a/base/tps/apache/docroot/tps/admin/console/config/donepanel.vm b/base/tps/apache/docroot/tps/admin/console/config/donepanel.vm new file mode 100644 index 000000000..2aa76ff0c --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/donepanel.vm @@ -0,0 +1,54 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<SCRIPT type="text/JavaScript"> +function myOnLoad() { +} + +function performPanel() { + with (document.forms[0]) { + submit(); + } +} +</SCRIPT> +<input type="hidden" name="host" value=$host /> +<input type="hidden" name="port" value=$port /> +<input type="hidden" name="systemType" value=$systemType /> +#if ($errorString != "") +<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> +#end +#if ($systemType == "tks") +As 'root', restart the server on the command line by typing "$initCommand restart $instanceID". After performing this restart, the server should become operational. +#else +#if ($externalCA == "true" && $systemType == "kra") +As 'root', restart the server on the command line by typing "$initCommand restart $instanceID". Startup the administration console to add the peer CA to the Trusted Manager's Group. Make sure to add the transport certificate and connector information to the peer CA. After performing this restart, the server should become operational. +#else +As 'root', restart the server on the command line by typing "$initCommand + restart $instanceID". After performing this restart, the server should become operational. +<br/> +Please go to the <A href="https://$host:$non_clientauth_port">services page</A> to access all of the available interfaces. +<br/> +Each Enterprise Security Client (ESC) talks to a TPS config URL for token management functions located at <A href="http://$host:$unsecurePort/cgi-bin/home/index.cgi">http://$host:$unsecurePort/cgi-bin/home/index.cgi</A>. +<br/> +#end +#end +<br/> +To create additional instances, type "/usr/bin/pkicreate" on the command line. +<br/> +#if ($systemType != "tps") +To start the administration console, type "/usr/bin/pkiconsole" on the command line. +#end diff --git a/base/tps/apache/docroot/tps/admin/console/config/drminfopanel.vm b/base/tps/apache/docroot/tps/admin/console/config/drminfopanel.vm new file mode 100644 index 000000000..8931bf1c9 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/drminfopanel.vm @@ -0,0 +1,55 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<SCRIPT LANGUAGE="JavaScript"> +function performPanel() { + with (document.forms[0]) { + submit(); + } +} + +</SCRIPT> +A Data Recovery Manager (DRM) is responsible for server-side key generation, archival, and recovery. If server-side key generation is not needed, this step can be skipped. +<p> +#if ($errorString != "") +<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> +<p> +#end +<b><input checked type=radio name=choice value="keygen"> Connect this instance to the HTTPS Agent URL of a DRM to support server-side key generation.</b> +<p> +<p> + <table class="details"> + <tr> + <th>URL:</th> + <td><select name="urls"> + #if ($urls_size != 0) + #set ($x=0) + #foreach ($p in $urls) + <option value="$x">$p</option> + #set ($x=$x+1) + #end + #end + </select> + </td> + </tr> + </table> + <div align="right"> + <hr /> + </div> +<p> +<b><input type=radio name=choice value="nokeygen"> Configure this instance to NOT support server-side key generation.</b> +<p> diff --git a/base/tps/apache/docroot/tps/admin/console/config/footer.vm b/base/tps/apache/docroot/tps/admin/console/config/footer.vm new file mode 100644 index 000000000..a596e45b1 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/footer.vm @@ -0,0 +1,19 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> + <div id="footer"> + </div> diff --git a/base/tps/apache/docroot/tps/admin/console/config/header.vm b/base/tps/apache/docroot/tps/admin/console/config/header.vm new file mode 100644 index 000000000..e0fe6a962 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/header.vm @@ -0,0 +1,25 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<div id="header"> + <a href="http://pki.fedoraproject.org" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="/pki/images/logo_header.gif" alt="Dogtag" id="myLogo" /></a> + <div id="headerpaddedtitle"> + <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">®</font></sup> Certificate System</a> + </div> + <div id="account"> + </div> +</div> diff --git a/base/tps/apache/docroot/tps/admin/console/config/hierarchypanel.vm b/base/tps/apache/docroot/tps/admin/console/config/hierarchypanel.vm new file mode 100644 index 000000000..0138188e9 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/hierarchypanel.vm @@ -0,0 +1,79 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<SCRIPT type="text/JavaScript"> +function myOnLoad() { + setURL(); +} + +function performPanel() { + with (document.forms[0]) { + submit(); + } +} +</SCRIPT> +<h2>PKI Hierarchy</h2> +<p> +This CA instance can be either a Self-Signed Root CA or a Subordinate CA. <a href="javascript:toggle_details();">[Details]</a> +<script> +function toggle_details() +{ + d = document.getElementById('details'); + if (d.style.display == "block") { + d.style.display="none"; + } else { + d.style.display="block"; + } +} + +function setURL() { + var cbox = document.forms[0].elements['urls']; + if (document.forms[0].choice[0].checked) { + cbox.disabled = "disabled"; + } else { + cbox.disabled = ""; + } +} + +</script> + +<div id=details style="display: none;"> +<p> +The PKI hierarchy establishes the trust relationships between this CA instance and the other PKI instances within this security domain. A CA can be chained under an internal CA, or alternatively, it can be chained under a public or an external CA. +</div> + +<p> +<b><input $check_root type=radio name=choice value="root" onChange="setURL();"> Make this a Self-Signed Root CA within this new PKI hierarchy. <img alt="" src="/pki/images/rootca.gif"></b> +<p> +<b><input $check_join type=radio name=choice value="join" onChange="setURL();"> Make this a subordinate CA of another CA. <img alt="" src="/pki/images/sub.gif"></b> + + <table class="details"> + <tr> + <th>URL:</th> + <td><select name="urls"> + #if ($urls.size() > 0) + #set ($x=0) + #foreach ($p in $urls) + <option value="$x">$p</option> + #set ($x=$x+1) + #end + #end + </select> + </td> + </tr> + </table> +<p> diff --git a/base/tps/apache/docroot/tps/admin/console/config/importadmincertpanel.vm b/base/tps/apache/docroot/tps/admin/console/config/importadmincertpanel.vm new file mode 100644 index 000000000..609b4bf4f --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/importadmincertpanel.vm @@ -0,0 +1,55 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<SCRIPT ID=ImportCertificate_OnClick LANGUAGE="JavaScript"> +function myOnLoad() { +} + +function performPanel() { + with (document.forms[0]) { + submit(); + } +} +</SCRIPT> +An administrator's certificate has been created and imported into this browser. This certificate is used to access the agent interface of this subsystem. +<p> +#if ($errorString != "") +<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> +#end +<font color="red">$info</font> +<p> + <p> + + <table class="details"> + <tr> +#if ($ca == 'true' && $import == 'true') +<iframe scrolling=no frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true"></iframe> +#else +#if ($caType == 'ca' && $import == 'true') +<iframe scrolling=no frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true"></iframe> +#else +<iframe scrolling=no frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true"></iframe> +#end +#end +<input type="hidden" name="serialNumber" value=$serialNumber /> +<input type="hidden" name="caHost" value=$caHost /> +<input type="hidden" name="caPort" value=$caPort /> + </tr> + </table> + <div align="right"> + <hr /> + </div> diff --git a/base/tps/apache/docroot/tps/admin/console/config/login.vm b/base/tps/apache/docroot/tps/admin/console/config/login.vm new file mode 100644 index 000000000..73f53afa6 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/login.vm @@ -0,0 +1,109 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> + <head> + + <title>Dogtag Certificate System</title> + + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + </head> + + + <body><div id="wrap"> + +#include ( "tps/admin/console/config/header.vm" ) + +<div id="mainNavOuter"> +<div id="mainNav"> + +<div id="mainNavInner"> + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + + +<div id="bar"> + +<div id="systembar"> +<div id="systembarinner"> + +<div> + - +</div> + + +</div> +</div> + +</div> +<!-- close bar --> + + <div id="content"> + <table width="100%" cellspacing="0"> + <tr> + <td class="sidebar"> + + </td> + <td class="page-content" width="100%"> + <h1><img src="/pki/images/icon-software.gif" /> + Login</h1> + +A one time random pin has been generated during setup to protect unauthorized access to this configuration wizard. This pin has been stored in the "CS.cfg" configuration file as the value of the 'preop.pin' parameter. Please enter this pin to continue. + + <p> +#if ($errorString != "") +<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> +#end + <p> + <form name="f" action="login" method="post"> + + <table class="details"> + <tr> + <th>PIN:</th> + <td><input type=password name="pin"></td> + </tr> + </table> + <div align="right"> + <hr /> + </div> + </form> + +<p> +<table width=100%> +<tr bgcolor="#eeeeee"> +<td align=right> +<input type=button onclick="javascript: document.f.submit();" name=login value="Login"> +</td> +</tr> +</table> + + + </td> + </tr> + </table> + + </div> <!-- close content --> + </div> <!-- close wrap --> + +#include ( "tps/admin/console/config/footer.vm" ) + </body> +</html> diff --git a/base/tps/apache/docroot/tps/admin/console/config/modulepanel.vm b/base/tps/apache/docroot/tps/admin/console/config/modulepanel.vm new file mode 100644 index 000000000..812d7ca6c --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/modulepanel.vm @@ -0,0 +1,161 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<SCRIPT type="text/JavaScript"> +function myOnLoad() { +} + +function performPanel() { + with (document.forms[0]) { + submit(); + } +} +</SCRIPT> +Two lists of security modules are provided below. The <b>Supported Security Modules</b> list consists of both software-based and hardware-based security modules that this PKI solution supports, while the <b>Other Security Modules</b> list consists of any other security modules found by this PKI subsystem that are not recognized as one of the supported security modules. <a href="javascript:toggle_details();">[Details]</a> +<SCRIPT type="text/JavaScript"> +function toggle_details() +{ + d = document.getElementById('details'); + if (d.style.display == "block") { + d.style.display="none"; + } else { + d.style.display="block"; + } +} +</script> +<div id=details style="display: none;"> +<br/> +Key pairs for this instance will be generated and stored on a device called a security module. +<br/> +A <b><i>key pair</i></b> consists of a public key and a private key. A <b><i>private key</i></b> is a secret entity which is never exposed to the public, will generally be protected via a security module, and is commonly referred to simply as the <b><i>key</i></b>. A <b><i>public key</i></b> is open, distributable, and while it may also be stored on a security module, it is not protected by this device. A public key, once signed by a CA, is more generally referred to as a <b><i>certificate</i></b>. +<br/> +<b><i>Security modules</i></b> can be either hardware-based or software-based. Although hardware-based security modules provide more security for the secret, or private portion of this key, they must be obtained from a third-party vendor and installed prior to deployment of this PKI solution. For this particular PKI implementation, a software-based FIPS 140-1 security module has been included. +<br/> +Before any security module solution can be used, a user must first always be authenticated to this security module via a token. To support this, each security module consists of one or more <b><i>slots</i></b>. For hardware-based security modules, a slot often consists of one or more physical contact points to the device itself (e.g. - a card reader or USB receptacle), while for software-based security modules, these may be thought of as merely a functional entry point into the software. +<br/> +Finally, a <b><i>token</i></b> (often generically referred to as a <b><i>smartcard</i></b>), which contains the actual key material, interfaces with the security module via a slot. For hardware-based security modules, this may be something like a physical card containing a chip, or a USB device that can be physically inserted into a USB slot. For software-based security modules, this can be thought of as an entry in a database. In the case of both hardware-based as well as software-based security modules, a password is the most commonly used method to complete this authentication. +<br/> +Since a security module may consist of slots for one or more tokens, the user must be successfully authenticated to each token of the chosen security module before this configuration can continue. +</div> +<br/> +<H2>Supported Security Modules</H2> +<table width=100%> +<tr bgcolor="#cccccc"> + <td width=20%><b>Module/Token</b></td> + <td width=10%><b>Status</b></td> + <td width=10%><b>Default</b></td> + <td width=10%><b>Operations</b></td> +</tr> +#foreach ($module in $sms) +<tr bgcolor="#eeeeee"> + <td><img alt="" src=$module.getImagePath()><br>$module.getUserFriendlyName()</td> + <td> + #if ($module.isFound()) + Found + #else + Not Found + #end + </td> + <td></td> + <td></td> +</tr> +#foreach ($token in $module.getTokens()) +<tr> + <td>- $token.getNickName()</td> + <td> + #if ($token.isLoggedIn()) + Logged In + #else + Not logged In + #end + </td> + <td> + #if ($token.isLoggedIn()) + #if ($defTok == $token.getNickName()) + <input checked type=radio name="choice" value="$token.getNickName()"> + #else + <input type=radio name="choice" value="$token.getNickName()"> + #end + #end + </td> + <td> + #if (!$token.isLoggedIn()) +<a href="wizard?p=$subpanelno&SecToken=$token.getNickName()">Login</a> + #end +</td> +</tr> +#end +#end + +</table> +<H2>Other Security Modules</H2> +<h3>The security modules listed below are modules found by the server but not recognized as one of the supported modules. If the user believes that any listed modules below should have been supported, please check the "CS.cfg" configuration file to see if there is a name mismatch and adjust this accordingly.</h3> +<table width=100%> +<tr bgcolor="#cccccc"> + <td width=20%><b>Module/Token</b></td> + <td width=10%><b>Status</b></td> + <td width=10%><b>Default</b></td> + <td width=10%><b>Operations</b></td> +</tr> +#foreach ($module in $oms) +<tr bgcolor="#eeeeee"> + <td>$module.getUserFriendlyName()</td> + <td> + #if ($module.isFound()) + Found + #else + Not Found + #end + </td> + <td></td> + <td></td> +</tr> +#foreach ($token in $module.getTokens()) +<tr> + <td>- $token.getNickName()</td> + <td> + #if ($token.isLoggedIn()) + Logged In + #else + Not logged In + #end + </td> + <td> + #if ($defTok == $token.getNickName()) + <input checked type=radio name="choice" value="$token.getNickName()"> + #else + <input type=radio name="choice" value="$token.getNickName()"> + #end + </td> + <td> + #if (!$token.isLoggedIn()) +<a href="wizard?p=$subpanelno&SecToken=$token.getNickName()">Login</a> + #end + </td> +</tr> +#end +#end + +</table> + + + <br/> + + <div align="right"> + <hr /> + + </div> diff --git a/base/tps/apache/docroot/tps/admin/console/config/namepanel.vm b/base/tps/apache/docroot/tps/admin/console/config/namepanel.vm new file mode 100644 index 000000000..0ed2d1adb --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/namepanel.vm @@ -0,0 +1,90 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<SCRIPT type="text/JavaScript"> +function myOnLoad() { +} + +function performPanel() { + with (document.forms[0]) { + submit(); + } +} +</SCRIPT> +Each certificate associated with this instance needs to have a unique name within the PKI hierarchy. The following information will be used to generate these unique names. Each certificate will be stored in the security module using a unique nickname.<a href="javascript:toggle_details();">[Details]</a> +<SCRIPT type="text/JavaScript"> +function toggle_details() +{ + d = document.getElementById('details'); + if (d.style.display == "block") { + d.style.display="none"; + } else { + d.style.display="block"; + } +} +</script> + +<div id=details style="display: none;"> +<p> +Each unique name, called the certificate's subject name, is referenced as the distinguished name (DN). A DN may be composed of multiple comma separated name=value fields. +<br/> +</div> + + <p> +#if ($errorString != "") +<img alt="" src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> +#end +<br/> +#foreach ($item in $certs) +<H2>$item.getUserFriendlyName()</H2> + + <table class="details"> + <tr> + <th>DN:</th> + <td><input type="text" size="70" name="$item.getCertTag()" value="$item.getDN()"/></td> + </tr> + <tr> + <th>Nickname:</th> + <td><input type="text" size="70" name="$item.getCertTag()_nick" value="$item.getNickname()"/></td> + </tr> + </table> +<p> +#end +<p> +<hr> +<p> +Please select the CA to submit these system certificate requests: +<p> + <table class="details"> + <tr> + <th>URL:</th> + <td><select name="urls"> + #if ($urls_size != 0) + #set ($x=0) + #foreach ($p in $urls) + <option value="$x">$p</option> + #set ($x=$x+1) + #end + #end + </select> + </td> + </tr> + </table> + + <div align="right"> + <hr /> + </div> diff --git a/base/tps/apache/docroot/tps/admin/console/config/securitydomainloginpanel.vm b/base/tps/apache/docroot/tps/admin/console/config/securitydomainloginpanel.vm new file mode 100644 index 000000000..a8c0c8079 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/securitydomainloginpanel.vm @@ -0,0 +1,108 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> + <head> + + <title>Dogtag Certificate System</title> + + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> +<META http-equiv=Content-Type content="text/html; charset=UTF-8"> + </head> + + +<div id="wrap"> +<div id="header"> + <a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="/pki/images/logo_header.gif" alt="Dogtag" id="myLogo" /></a> + <div id="headerpaddedtitle"> + <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">®</font></sup> Certificate System</a> + </div> + <div id="account"> + <dl><dt><span></span></dt><dd></dd></dl> + </div> +</div> + +<div id="mainNavOuter"> +<div id="mainNav"> + +<div id="mainNavInner"> + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + +<!-- close bar --> + + <div id="content"> + <table width="100%" cellspacing="0"> + <tr> + <td width="100%"> + <h1><img src="/pki/images/icon-software.gif" /> + Security Domain ($name) Login </h1> + + <form name=sdForm action="getCookie" method="post"> + <p>The Enterprise $subsystem Administrator will register this $subsystem Subsystem located at $host under this Security Domain located at $sdhost. The credential information will be provided to the Security Domain for authentication.<p> +#if ($errorString != "") +<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> +#end + <table class="details"> + <tr> + <th>Uid:</th> + + <td><input type="text" length="128" size="40" name="uid" value="$sd_uid" /></td> + </tr> + + <tr> + <th>Password:</th> + + <td><input type="password" length="64" size="40" name="pwd" value="$sd_pwd" autocomplete="off" /></td> + </tr> +<input type=hidden name=url value="$url"> + + </table> + + <div align="right"> + <hr /> + + </div> + + +<p> +<table width=100%> +<tr bgcolor="#eeeeee"> + <td> +<div align="right"> +<input onclick="sdForm.submit()" type="button" name="sd_next" value="Login"> +</div> + </td> +</tr> +</table> + + </form> + + </td> + </tr> + </table> + + </div> <!-- close content --> + </div> <!-- close wrap --> + + </body> +</html> diff --git a/base/tps/apache/docroot/tps/admin/console/config/securitydomainpanel.vm b/base/tps/apache/docroot/tps/admin/console/config/securitydomainpanel.vm new file mode 100644 index 000000000..6f651f388 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/securitydomainpanel.vm @@ -0,0 +1,114 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<SCRIPT type="text/JavaScript"> +function myOnLoad() { +} + +function performPanel() { + with (document.forms[0]) { + submit(); + } +} +</SCRIPT> +<h2>$panelname</h2> +<br/> +A security domain is a registry for all of the PKI services within an enterprise. Applications may use the security domain to locate other PKI services. <a href="javascript:toggle_details();">[Details]</a> +<SCRIPT type="text/JavaScript"> +function toggle_details() +{ + d = document.getElementById('details'); + if (d.style.display == "block") { + d.style.display="none"; + } else { + d.style.display="block"; + } +} +</script> + +<div id=details style="display: none;"> +<br/> +This PKI solution allows multiple security domains within an organization, but each security domain must host a Certificate Authority. +<br/> +If the user is creating a new security domain, this CA Administrator is also +the security domain Administrator. +<br/> +If this subsystem is joining an existing security domain, the user will need to provide the credential information of the security domain Administrator +requested in the next panel. +</div> +#if ($errorString != "") +<img alt="" src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> +#end +<br/> +#if ($cstype == "CA") +<b><input $check_newdomain type=radio name=choice value="newdomain"> Create a New Security Domain </b> +<br/> +If no security domain exists, a new one must be created for this CA. + <table class="details"> + <tr> + <th>Security Domain Name: </th> + <td><input type=text size="40" name="sdomainName" value="$sdomainName"> (e.g. - Dogtag Security Domain)</td> + </tr> + <tr> + <th>Security Domain HTTP EE URL (unsecure): </th> + <td>http://$machineName:$http_ee_port</td> + </tr> + <tr> + <th>Security Domain HTTPS Agent URL (clientauth): </th> + <td>https://$machineName:$https_agent_port</td> + </tr> + <tr> + <th>Security Domain HTTPS EE URL (non-clientauth): </th> + <td>https://$machineName:$https_ee_port</td> + </tr> + <tr> + <th>Security Domain HTTPS Admin URL (non-clientauth): </th> + <td>https://$machineName:$https_admin_port</td> + </tr> + </table> +<br/> +<b><input $check_existingdomain type=radio name=choice value="existingdomain"> Join an Existing Security Domain </b> +#else +<b><input disabled="disabled" type=radio name=choice value="newdomain"> Create a New Security Domain </b> +<br/> +If no security domain exists, a new one must be created for this CA. + <table class="details"> + <tr> + <th>Security Domain Name: </th> + <td><input disabled="disabled" type=text size="40" name="sdomainName" value="$sdomainName"> (e.g. - Dogtag Security Domain)</td> + </tr> + </table> +<br/> +<b><input checked type=radio name=choice value="existingdomain"> Join an Existing Security Domain </b> +#end +<br/> +Enter the URL to an existing security domain. +<br/> + <table class="details"> + <tr> + <th>Security Domain HTTPS Admin URL (non-clientauth): </th> + <td><input type=text size="40" name="sdomainURL" value="$sdomainURL"> (e.g. - https://example.com:9445)</td> + </tr> + </table> +<br/> +<table> +<tr> +<td valign="top"><b>NOTE: </b></td> +<td>Since a Security Domain MUST be a CA (although all CAs are NOT necessarily Security Domains), an appropriate value for this URL may be obtained by logging into the machine which hosts the desired Security Domain CA as 'root' and running the command "$initCommand status $instanceID" from the command-line.</td> +</tr> +</table> +<br/> diff --git a/base/tps/apache/docroot/tps/admin/console/config/sidemenu.vm b/base/tps/apache/docroot/tps/admin/console/config/sidemenu.vm new file mode 100644 index 000000000..c3dbf1410 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/sidemenu.vm @@ -0,0 +1,29 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<div id="sidenav"> +<ul> + <li><a href="welcome">Welcome</a></li> + <li><a href="database">Internal Database</a></li> + <li><a href="module">Security Modules</a></li> + <li><a href="size">Key Size</a></li> + <li><a href="name">Issuer Name</a></li> + <li><a href="hierarchy">PKI Hierarchy</a></li> + <li><a href="admin">Administrator</a></li> + <li><a href="done">Finish</a></li> +</ul> +</div> diff --git a/base/tps/apache/docroot/tps/admin/console/config/sizepanel.vm b/base/tps/apache/docroot/tps/admin/console/config/sizepanel.vm new file mode 100644 index 000000000..cfcf15190 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/sizepanel.vm @@ -0,0 +1,303 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301 USA + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<style type="text/css"> +div#advance +{ + margin: 0px 20px 0px 20px; + display: none; +} +div#simple +{ + margin: 0px 20px 0px 20px; + display: block; +} +</style> + +<SCRIPT type="text/JavaScript"> +var keys_ecc_curve_list="$keys_ecc_curve_list"; +var keys_ecc_curve_display_list = "$keys_ecc_curve_display_list"; +var keys_rsa_size_display_list = "$keys_rsa_size_display_list"; + +function myOnLoad() { +} + +function performPanel() { + with (document.forms[0]) { + submit(); + } +} + +function toggleLayer(whichLayer) +{ + if (document.getElementById) { + // this is the way the standards work + var style2 = document.getElementById(whichLayer).style; + if (style2.display == "block") { + style2.display = "none"; + } else { + style2.display = "block"; + } + } +} + +function toggleLayer1(whichLayer) +{ + if (document.getElementById) { + // this is the way the standards work + var style2 = document.getElementById(whichLayer).style; + if (style2.display == "block") { + style2.display = "none"; + } else if (style2.display == "") { + style2.display = "none"; + } else { + style2.display = "block"; + } + } +} + +function keyTypeChange() +{ + var form = document.forms[0]; + + var keyTypeSelect = document.forms[0].elements['keytype']; + for (var i = 0; i < form.length; i++) { + var name = form[i].name; + if (name.indexOf('_keytype') != -1) { + if (keyTypeSelect.value.indexOf('ecc') != -1) { + form.elements[name].selectedIndex = keyTypeSelect.selectedIndex; + } + } + } +} + +function defaultChange() +{ + var form = document.forms[0]; + var choiceSelect = document.forms[0].elements['choice']; + for (var i = 0; i < form.length; i++) { + var name = form[i].name; + if (name.indexOf('_choice') != -1) { + for (var j = 0; j < form.elements[name].length; j++) { + var c = form.elements[name]; + c[j].checked = choiceSelect[j].checked; + } + } + } +} + +function customChange() +{ + var form = document.forms[0]; + var choiceSelect = document.forms[0].elements['choice']; + for (var i = 0; i < form.length; i++) { + var name = form[i].name; + if (name.indexOf('_choice') != -1) { + for (var j = 0; j < form.elements[name].length; j++) { + var c = form.elements[name]; + c[j].checked = choiceSelect[j].checked; + } + } + } +} + +function textChange() +{ + var customSize = document.forms[0].elements['custom_size']; + var form = document.forms[0]; + for (var i = 0; i < form.length; i++) { + var name = form[i].name; + if (name.indexOf('_custom_size') != -1) { + form.elements[name].value = customSize.value; + } + } +} + +function displayCurveList() +{ + var list = keys_ecc_curve_display_list.split(","); + var linelen = 0; + for (var i=0; i < list.length -1 ; i++) { + document.write(list[i] + ","); + linelen = linelen + list[i].length; + if (linelen >= 60) { + document.write("<br/>"); + linelen=0; + } + } + document.write(list[list.length -1]); +} + +function displayStrengthList() +{ + var list = keys_rsa_size_display_list.split(","); + var linelen = 0; + for (var i=0; i < list.length -1 ; i++) { + document.write(list[i] + ","); + linelen = linelen + list[i].length; + if (linelen >= 60) { + document.write("<br/>"); + linelen=0; + } + } + document.write(list[list.length -1]); +} + +</SCRIPT> +Select the key pair type(s) and associated key pair size(s) from the pulldown menus. <a href="javascript:toggle_details();">[Details]</a> +<p> +Note that only RSA is supported for the audit_signing certificate at this point +<p> +<SCRIPT type="text/JavaScript"> +function toggle_details() +{ + d = document.getElementById('details'); + if (d.style.display == "block") { + d.style.display="none"; + } else { + d.style.display="block"; + } +} +</SCRIPT> +<div id=details style="display: none;"> +<p> +Each certificate can have its own key pair generated with its own independent settings or common settings can be applied to all key pairs. At minimum, each key pair has to define what <i>type</i> it is by identifying a cipher family and then has to set a <i>strength</i> for that key. +</p> +<ul> +<li> +<b><i>Key Type</i></b>. Sets the cipher family to use to generate the key pair. RSA and ECC key types have slightly different strength options. +</li> +<li> +<b><i>RSA strength: Key Size</i></b>. Sets the key length for the generated pair. The key length can be one of the lenghs listed below. Longer keys are stronger, which makes them more secure. +However, longer key pair sizes also increase the time required to perform operations such as signing certificates, so long keys can affect performance. +<br/><ul style="list-style:none"><li><i> +<SCRIPT type="text/JavaScript"> +displayStrengthList(); +</SCRIPT></i></li></ul> +</li> +<li> +<b><i>ECC strength: Curve Name</i></b>. Sets the curve algorithm to use, which can be any one of the curves listed below. The curves that are included in parenthesis are equivalent - and either name can be used. Note that not all curves may be supported by the token. +<br/><ul style="list-style:none"><li><i> +<SCRIPT type="text/JavaScript"> +displayCurveList(); +</SCRIPT></i></li></ul> +</li> +</ul> +<br/> +</div> +#if ($errorString != "") +<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> +#end +<p> +<div id="simple"> +<p> +<table width=100%> +<tr> + <td align=right><a href="javascript:toggleLayer1('simple'); toggleLayer('advance');" title="Advanced">[Advanced]</a></td> +</tr> +</table> +<p> +<H2>Common Key Settings</H2> +<p> +<table width=100% class="details"> + <tr> + <th width="30%">Key Type:</th> + <td><select name="keytype" onChange="keyTypeChange()"><option value=rsa>RSA</option><option value=ecc>ECC</option></select></td> + </tr> +</table> +<p> + +<p> + <input +#if ($select == "default") + checked +#end + onChange="defaultChange()" type=radio name="choice" value="default"><b>Use the default key size ($default_keysize bits for RSA; curve $default_ecc_curvename for ECC)</b>. + <p> + <input +#if ($select == "custom") + checked +#end + onChange="customChange()" type=radio name="choice" value="custom"><b>Use the following custom key strength:</b> + + <p> +<table width=100% class="details"> + <tr> + <th>Key Size or Curve (see Details above):</th> + <td><input onChange="textChange()" type="text" size="20" name="custom_size" value="" /></td> + </tr> +</table> +<p> +</div> + +<div id="advance"> +<p> +<table width=100%> +<tr> + <td align=right><a href="javascript:toggleLayer1('simple');toggleLayer('advance');" title="Simple">[Simple]</a></td> +</tr> +</table> + +#foreach ($item in $certs) +<H2>Key for $item.getUserFriendlyName()</H2> +<p> +<table width=100% class="details"> + <tr> + <th width="30%">Key Type:</th> +#if ($item.getCertTag() == "audit_signing") + <td><select name="$item.getCertTag()_keytype"><option value=rsa>RSA</option></select></td> +#else + <td><select name="$item.getCertTag()_keytype"><option value=rsa>RSA</option><option value=ecc>ECC</option></select></td> +#end + </tr> +</table> +<p> + <input +#if ($item.useDefaultKey()) + checked +#end + type=radio name=$item.getCertTag()_choice value="default"><b>Use the default key size ($default_keysize bits for RSA, curve $default_ecc_curvename for ECC). + <p> + <input +#if (!$item.useDefaultKey()) + checked +#end + type=radio name=$item.getCertTag()_choice value="custom"><b>Use the following custom key strength:</b> + + <p> +<table width=100% class="details"> + <tr> + <th>Key Size or Curve (see Details above):</th> + <td><input type="text" size="20" name=$item.getCertTag()_custom_size value="" /></td> + </tr> +</table> +#end +</div> + +<br/> +<br/> +<br/> +#if ($firsttime == 'false') +<input type="CHECKBOX" NAME="generateKeyPair">New Keys<p> +#end +<p> + <div align="right"> + <hr /> +<i>Note: After pressing Next, keys will be generated on the server, which will take some time to complete. Please wait for the next panel to appear.</i> + + </div> diff --git a/base/tps/apache/docroot/tps/admin/console/config/tksinfopanel.vm b/base/tps/apache/docroot/tps/admin/console/config/tksinfopanel.vm new file mode 100644 index 000000000..1f6ee162f --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/tksinfopanel.vm @@ -0,0 +1,50 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<SCRIPT LANGUAGE="JavaScript"> +function performPanel() { + with (document.forms[0]) { + submit(); + } +} + +</SCRIPT> +The Token Key Service (TKS) is responsible for managing master keys that are used for establishing secure channels. Select an HTTPS Agent URL of a TKS from the list below. +<p> +#if ($errorString != "") +<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> +#end +<p> + <table class="details"> + <tr> + <th>URL:</th> + <td><select name="urls"> + #if ($urls_size != 0) + #set ($x=0) + #foreach ($p in $urls) + <option value="$x">$p</option> + #set ($x=$x+1) + #end + #end + </select> + </td> + </tr> + </table> + <div align="right"> + <hr /> + </div> +<p> diff --git a/base/tps/apache/docroot/tps/admin/console/config/topmenu.vm b/base/tps/apache/docroot/tps/admin/console/config/topmenu.vm new file mode 100644 index 000000000..c76b2e8fa --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/topmenu.vm @@ -0,0 +1,20 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<ul> +<li id="mainFirst-active"><a href="wizard" class="mainFirstLink">Setup Wizard</a></li> +</ul> diff --git a/base/tps/apache/docroot/tps/admin/console/config/welcomepanel.vm b/base/tps/apache/docroot/tps/admin/console/config/welcomepanel.vm new file mode 100644 index 000000000..619560dd3 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/welcomepanel.vm @@ -0,0 +1,57 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<SCRIPT type="text/JavaScript"> +function myOnLoad() { +} + +function performPanel() { + with (document.forms[0]) { + submit(); + } +} +</SCRIPT> +<H2>$wizardname</H2> +The $fullsystemname + configuration wizard will guide the administrator through the process of configuring a single instance of the $fullsystemname + ($systemname). <a href="javascript:toggle_details();">[Details]</a> + +<SCRIPT type="text/JavaScript"> +function toggle_details() +{ + d = document.getElementById('details'); + if (d.style.display == "block") { + d.style.display="none"; + } else { + d.style.display="block"; + } +} +</script> + +<div id=details style="display: none;"> +<p> +A Public Key Infrastructure (PKI) system creates, manages, and revokes keys and certificates. +<p> +Dogtag Certificate System (DCS) $productversion +is a robust PKI system consisting of numerous subsystems including a Certificate Authority (CA), a Registration Authority (RA), a Data Recovery Manager (DRM), an Online Certificate Status Protocol (OCSP) Manager, a Token Key Service (TKS), and a Token Processing System (TPS), as well as a multi-platform smartcard middleware software client called Enterprise Security Client (ESC). +<p> +For any subsystem to be useable, a user must use this wizard to configure an instance of this subsystem. +#if ($systemType != "tps") +<p> +Additionally, this wizard may also be used to clone any existing instance to achieve scalability and high-availability. +#end +</div> diff --git a/base/tps/apache/docroot/tps/admin/console/config/wizard.vm b/base/tps/apache/docroot/tps/admin/console/config/wizard.vm new file mode 100644 index 000000000..31d395edf --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/wizard.vm @@ -0,0 +1,147 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> + +<html> + <head> + + <title>Dogtag Certificate System</title> + + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + + <META http-equiv=Content-Type content="text/html; charset=UTF-8"> + + </head> + +<SCRIPT LANGUAGE="JavaScript"> +function process(fop) { + with (document.forms[0]) { + op.value = fop; + if (fop == 'next') { + document.getElementById('progress').style.visibility = "visible"; + performPanel(); + } else if (fop == 'apply') { + document.getElementById('progress').style.visibility = "visible"; + performPanel(); + } else { + document.getElementById('progress').style.visibility = "visible"; + submit(); + } + } +} + +</SCRIPT> + + <body><div id="wrap"> + +#include ( "tps/admin/console/config/header.vm" ) + +<div id="mainNavOuter"> +<div id="mainNav"> + +<div id="mainNavInner"> + + +<ul> +<li id="mainFirst-active"><a href="wizard" class="mainFirstLink">$name</a></li> +</ul> + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + + +<div id="bar"> + +<div id="systembar"> +<div id="systembarinner"> + +<div> +</div> + + +</div> +</div> + +</div> +<!-- close bar --> + + <div id="content"> + <table width="100%" cellspacing="0"> + <tr> + <td class="sidebar"> + +<div id="sidenav"> +<ul> +#foreach ($pn in $panels) +#if (!$pn.isSubPanel()) + #if ($pn.isPanelDone() == "false") + <li><center><font color=black size="2">$pn.getName()</font></center></li> + #else + <li><center><font color=white size="2">$pn.getName()</font></center></li> + #end +#end +#end +</ul> +</div> + + </td> + <td class="page-content" width="100%"> + <h1><img src="/pki/images/icon-software.gif" /> + $title </h1> + +<form name=f method=post action="wizard"> +<input type=hidden name=p value="$p"> + +#parse ( $panel ) + +<input type=hidden name="op" value=''> + +</form> + +<table width=100% border=0 cellspacing=0 cellpadding=0> +<tr bgcolor="#eeeeee"> +<td><img id=progress style="visibility: hidden;" src="/pki/images/bigrotation2.gif" /></td> +<td align=right> + +#if ($showApplyButton == "true") +<input type=button onclick="process('apply')" name=back value="Apply"> +#end + +#if ($lastpanel) + +#else +<input type=button onclick="process('next')" name=back value="Next>"> +#end + +</td> +</tr> +</table> + + </td> + </tr> + </table> + +#include ( "tps/admin/console/config/footer.vm" ) + + </div> <!-- close content --> + </div> <!-- close wrap --> + + </body> +</html> diff --git a/base/tps/apache/docroot/tps/admin/console/config/xml.vm b/base/tps/apache/docroot/tps/admin/console/config/xml.vm new file mode 100644 index 000000000..31ff72aa2 --- /dev/null +++ b/base/tps/apache/docroot/tps/admin/console/config/xml.vm @@ -0,0 +1,4 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<response> + $xml +</response> |